Job access control

Access control to job list may be enforced by using realm token associated to jobs.

When a job is created a token (a realm) may be associated to with it: this token will be required used in subsequent requests for accessing job’s status and results or executing dismiss opération.

This feature is optional and is activated with the SERVER_ENABLE_JOB_REALM configuration option.

Using realm token

By default, when a job is created, a realm token is created and associated to the job.

This token is either defined implicitly by creating a unique uuid and returning the value in the X-Job-Realm header of the execution response or set explicitly using the same header in the request.

This token may then be inspected by the client and used in subsequent requests for accessing job’s status and results or executing dismiss opération.

Typical usage is to have a middleware proxy that sets the X-Job-Realm header together with specified authentification procedure.

Administrative realm

When enabling realm, a administrator may be defined. Requesting job’s control using such a token will bypass any other tokens and will give full access to job’s list.

This admin token is defined with the SERVER_ADMIN_REALM configuration option.