[wildfly-dev] WFLY-705: how should access restrictions get configured?
Darran Lofthouse
darran.lofthouse at jboss.com
Mon Dec 16 12:28:12 EST 2013
Personally I don't believe this is something that belongs under access
control - this is not about changing what the user can access based on
their client or address this is about preventing HTTP connections from
known bad clients or locations.
As we enable cross origin request handling we are placing a certain
amount of trust in the users browser, one purpose of this change is to
prevent known buggy broswer versions from being able to connect to the
HTTP management interface.
Regards,
Darran Lofthouse.
On 16/12/13 17:08, André Dietisheim wrote:
> Hi
>
> I'm trying to come up with implementation for
> https://issues.jboss.org/browse/WFLY-705 where a user should be able to
> restrict access to the management service by IP and UserAgent. The
> filters are implemented and now I'm up to come up with the configuration
> options. I'm thus asking for input.
>
> From a noob (sorry, I'm not very intimate with wildfly/undertow yet)
> perspective <access-control> looks like a compelling tag to be nested
> into <management-interfaces><http-interface>. Even though
> <access-control> is used for RBAC currently, the code for it looks
> abstract enough to get reused.
>
> Any ideas?
>
> Cheers
> André
>
>
> _______________________________________________
> wildfly-dev mailing list
> wildfly-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/wildfly-dev
>
More information about the wildfly-dev
mailing list