On 21.01.2011 at 16:20, Brian Stansberry wrote:
To me, "simple permissions" means if you can authenticate as an admin,
you're root. Everything else below is "complex permissions."
One may (as we discussed on the phone iirc) have three categories:
- root
- deploy + view
- view only
If the REST verbs were used, GET could be filtered for read-only,
and all allowed for root - and the deploy role would need some
filtering on the URL.
But then URLs could also be constructed in a way of
/metric/domain/x/subsystem/y/...
/deploy/server-group/x/..
/<other>/....
Which can relatively easily be matched to the above three roles.
But then I am fine with "root" - only being present
pilhuhn
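
The three-role scheme sketched in the message above, written out as a default-deny check. This is an added example, not part of the original mail or of the project's code. The role identifiers, the function names and the decision to treat HEAD like GET are assumptions; the URL layout follows the /metric/..., /deploy/... pattern from the message.

```python
from urllib.parse import unquote

# Role names mirror the three categories in the message; the strings are assumed.
ROOT, DEPLOYER, VIEWER = "root", "deploy+view", "view-only"
READ_METHODS = {"GET", "HEAD"}   # assumption: HEAD is as read-only as GET
DEPLOY_SEGMENT = "deploy"        # first URL segment reserved for deployment operations


def first_segment(raw_path):
    """Return the first path segment, or None when the path is ambiguous.

    The decision is made on the decoded path, and anything that could be
    routed differently than it was authorised (empty, '.', '..' segments,
    double-encoding) is rejected instead of being normalised.
    """
    path = unquote(raw_path)
    if not path.startswith("/") or "%" in path:
        return None
    segments = path.rstrip("/").split("/")[1:]
    if not segments or any(s in ("", ".", "..") for s in segments):
        return None
    return segments[0]


def is_allowed(role, method, raw_path):
    """Default-deny authorisation for the root / deploy+view / view-only roles."""
    segment = first_segment(raw_path)
    if segment is None:
        return False                      # ambiguous path: deny for every role
    if role == ROOT:
        return True                       # root: all verbs on all URLs
    if role not in (DEPLOYER, VIEWER):
        return False                      # unknown role
    if method.upper() in READ_METHODS:
        return True                       # both remaining roles may view
    # Writes: only the deploy role, and only below /deploy/. Comparing the whole
    # segment (not a string prefix) keeps "/deployx/..." out of the deploy area.
    return role == DEPLOYER and segment == DEPLOY_SEGMENT


if __name__ == "__main__":
    # Constructed sample requests.
    for req in [(VIEWER, "GET", "/metric/domain/x/subsystem/y"),
                (VIEWER, "POST", "/deploy/server-group/x"),
                (DEPLOYER, "POST", "/deploy/server-group/x"),
                (DEPLOYER, "POST", "/deploy/%2e%2e/metric/domain/x")]:
        print(req, "->", "allow" if is_allowed(*req) else "deny")
```

The check only holds if the server routes on the same decoded path that was authorised here.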