If you have these questions you should be using LDAP.
Okay, I will try with LDAP as well. But please answer my queries, so that I will have an idea at least.
I guess I have to keep identical copies of application-user.properties and application-roles.properties on all the nodes. How would that work in a running cluster where I will keep on adding users? Do I have to manually copy the files to all nodes each time I add a user?
Yes, the properties files are only meant to quickly prototype authentication / authorization, but if you need to share credentials across a cluster you'd better use a directory service.
Does it require a restart of the nodes?
No, it will re-read the properties files if they change.
If multiple clients access the same cluster, assuming they'll have different distributed caches (let's say based on instance name), how can I ensure that UserA of instanceA can access only cache entries of cache instanceA? Do I have to define a unique role for each instance?
Yes, you will need one role per cache.
Is there any way that even if I share the same role for different caches (let's say an Admin role with permission ALL), UserA should be able to access only cache instanceA? Even if that user accidentally tries to access cache instanceB, he should get an unauthorized access.
As I've answered above, this is not possible.
Agreed. One more thing I would like to know is where I can find the details about the permissions attribute of the ROLE tag. I read one of your blogs (Infinispan Security #3: HotRod authentication | Planet JBoss Developer) in which you explained the authentication for HotRod clients. I used only ALL and it worked with retrieving and storing keys.
Are there only 4 possible values, i.e. ALL, READ, WRITE & ALL_READ_ALL_WRITE, for roles?
READ and WRITE seem trivial, ALL I assume is both, but what is this ALL_READ_ALL_WRITE?
Instead of reading just the blog, you should look at the full documentation where the permissions and the affected methods are clearly described: http://infinispan.org/docs/8.2.x/user_guide/user_guide.html#_embedded_permissions
Thanks for the reference, now it's clear.
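
The one-role-per-cache answer given in this thread, sketched as an Infinispan 8.2 declarative configuration fragment. This is an added example, not configuration posted by anyone in the thread; the role names, the UserB account and the user-to-role mappings are assumptions.

```xml
<!-- Constructed fragment: role names and user mappings are assumptions.
     Assumed entries in application-roles.properties (user=role list):
       UserA=instanceA-role
       UserB=instanceB-role -->
<cache-container name="clustered" default-cache="instanceA">
   <security>
      <authorization>
         <!-- identity-role-mapper uses each principal name directly as a role name -->
         <identity-role-mapper/>
         <!-- One role per cache. The permissions are the same (ALL); the
              isolation comes from which cache lists which role below. -->
         <role name="instanceA-role" permissions="ALL"/>
         <role name="instanceB-role" permissions="ALL"/>
      </authorization>
   </security>

   <!-- Only principals mapped to instanceA-role are authorized on this cache -->
   <distributed-cache name="instanceA" mode="SYNC">
      <security>
         <authorization roles="instanceA-role"/>
      </security>
   </distributed-cache>

   <!-- UserA holds no role listed here, so its operations on instanceB are denied -->
   <distributed-cache name="instanceB" mode="SYNC">
      <security>
         <authorization roles="instanceB-role"/>
      </security>
   </distributed-cache>

   <!-- What does not isolate tenants: one shared role listed on both caches,
        e.g. roles="admin" on instanceA and instanceB. Every holder of that
        role is then authorized on both caches. -->
</cache-container>
```

A cache only admits the roles named in its own `authorization` element, so adding a new tenant cache means adding a new role and mapping only that tenant's users to it.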