[jboss-dev-forums] [JBoss AS7 Development] - Management Security Tasks
Darran Lofthouse
do-not-reply at jboss.com
Wed Feb 9 06:51:27 EST 2011
Darran Lofthouse [http://community.jboss.org/people/darran.lofthouse%40jboss.com] created the document:
"Management Security Tasks"
To view the document, visit: http://community.jboss.org/docs/DOC-16463
--------------------------------------------------------------
Identified tasks for adding security to the AS7 management APIs: -
|| *Description* || *Jira Issues* || *Owner
* || *Dependencies
* || *Comments / Risks
* ||
| Define security configuration. |
|
| General management API configuration. |
|
| Login modules need to operate in non-AS domains. |
| Anil / Marcus |
|
|
| Add BASIC authenticator to HTTP API |
|
|
|
|
| Add TLS/SSL to HTTP API |
|
|
|
|
| Add CLIENT-CERT type authenticator to HTTP API |
|
|
|
|
| Ensure equivalent authentication possible through native API. |
|
| Initial native API with Remoting. |
|
| Security initialisation similar to subsystem initialisation. |
|
|
| To review as much re-use of security extension in non AS. |
| Interception of all inbound calls for authorization check. |
|
|
| Initial check may just be that the calling user must have been authenticated. |
| Define ACL scheme. |
|
|
|
|
| Add ACL checking to authorization. |
|
|
|
|
| Mechanism to provide users permissions to clients of the API. |
|
|
|
|
--------------------------------------------------------------
Comment by going to Community
[http://community.jboss.org/docs/DOC-16463]
Create a new document in JBoss AS7 Development at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=102&containerType=14&container=2225]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-dev-forums/attachments/20110209/c65aea26/attachment.html
More information about the jboss-dev-forums
mailing list