On Thu, 2011-05-26 at 09:22 +0200, Heiko Braun wrote:
> I would suggest we do provide an out-the-box config that secures the
> HTTP endpoint:
>
> <management>
>     <security-realms>
>         <security-realm name="ManagementRealm">
>             <authentication>
>                 <users>
>                     <user username="admin">
>                         <password>password</password>
>                     </user>
>                 </users>
>             </authentication>
>         </security-realm>
>     </security-realms>
> </management>
>
> Any objections or good reasons not to do it?

The right solution is to require some special role for any admin or
management operations, but not provide any default user having it. So,
locked down by default.
--
Remy Maucherat <rmaucher(a)redhat.com>
Red Hat Inc
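
Added example (not part of the original message and not the project's own code): a pre-release check that a shipped management config defines no default user, which is the "locked down by default" condition described in the reply. The element names come from the quoted fragment; the second sample, its placeholder namespace, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the fragment quoted in the thread, with a default admin user.
SHIPPED_CONFIG = """<management>
  <security-realms>
    <security-realm name="ManagementRealm">
      <authentication>
        <users>
          <user username="admin">
            <password>password</password>
          </user>
        </users>
      </authentication>
    </security-realm>
  </security-realms>
</management>"""

# Constructed sample (hypothetical layout): a realm that ships with no users.
LOCKED_DOWN_CONFIG = """<management xmlns="urn:example:placeholder">
  <security-realms>
    <security-realm name="ManagementRealm">
      <authentication/>
    </security-realm>
  </security-realms>
</management>"""

def local(tag):
    """Drop a '{namespace}' prefix so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def find_default_users(xml_text):
    """Return (realm, username, has_inline_password) for every shipped user."""
    findings = []
    for realm in ET.fromstring(xml_text).iter():
        if local(realm.tag) != "security-realm":
            continue
        for user in realm.iter():
            if local(user.tag) != "user":
                continue
            inline = any(local(c.tag) == "password" and (c.text or "").strip()
                         for c in user)
            findings.append((realm.get("name"), user.get("username"), inline))
    return findings

def is_locked_down(xml_text):
    """True when the config ships without any predefined user."""
    return not find_default_users(xml_text)
```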