This ticket was discussed in the DSpace 7 meeting on Jan 25, 2018.
- Access to config variables should be granted by white listing specific values.
- It would be acceptable to wildcard the white list values
- Access to config variables should be authorized by the authorization service. Some values could be granted to authenticated users. Some values would be granted only to admin users.
- Spring security could be used to filter the values that should be provided.
- Eventually, such a service could also be used to allow the update of config settings.
- Plugin developers should have the ability to white list plugin config values. The solution described above should support such a feature.