[wildfly-dev] WFLY-705: how should access restrictions get configured?
Darran Lofthouse
darran.lofthouse at jboss.com
Tue Dec 17 09:48:20 EST 2013
The main purpose of the Jira issue is just for a blanked block on known
bad browsers - it is not intended to take any part of 'If you use
Internet Explorer you can be a Monitor but if you use Firefox you can be
SuperUser'.
Regards,
Darran Lofthouse.
On 16/12/13 21:50, Brian Stansberry wrote:
> Darran,
>
> How does this related to the notion we've chatted about of incorporate
> environmental factors into role mapping?
>
> - Brian
>
> On 12/16/13 11:28 AM, Darran Lofthouse wrote:
>> Personally I don't believe this is something that belongs under access
>> control - this is not about changing what the user can access based on
>> their client or address this is about preventing HTTP connections from
>> known bad clients or locations.
>>
>> As we enable cross origin request handling we are placing a certain
>> amount of trust in the users browser, one purpose of this change is to
>> prevent known buggy broswer versions from being able to connect to the
>> HTTP management interface.
>>
>> Regards,
>> Darran Lofthouse.
>>
>>
>> On 16/12/13 17:08, André Dietisheim wrote:
>>> Hi
>>>
>>> I'm trying to come up with implementation for
>>> https://issues.jboss.org/browse/WFLY-705 where a user should be able to
>>> restrict access to the management service by IP and UserAgent. The
>>> filters are implemented and now I'm up to come up with the configuration
>>> options. I'm thus asking for input.
>>>
>>> From a noob (sorry, I'm not very intimate with wildfly/undertow yet)
>>> perspective <access-control> looks like a compelling tag to be nested
>>> into <management-interfaces><http-interface>. Even though
>>> <access-control> is used for RBAC currently, the code for it looks
>>> abstract enough to get reused.
>>>
>>> Any ideas?
>>>
>>> Cheers
>>> André
>>>
>>>
>>> _______________________________________________
>>> wildfly-dev mailing list
>>> wildfly-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/wildfly-dev
>>>
>> _______________________________________________
>> wildfly-dev mailing list
>> wildfly-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/wildfly-dev
>>
>
>
More information about the wildfly-dev
mailing list