Re: [jboss-as7-dev] Request for review of DomainServletApi bridge
I'll defer to Darran on the security aspects of this; i.e. how to ensure
that this webapp integrates with management layer's security configuration.
If we do this, it shouldn't be enabled by default for the reasons Darran
mentioned. But the patch doesn't seem to have it on by default.
We'll need to disable this capability for a server running in domain
mode, as a domain mode server is not meant to expose a
directly-accessible-to-the-end-user management interface. The host
controller exposes that.
On 6/8/11 2:56 PM, Scott Stark wrote:
I wanted to be able to access the domain api that is currently served
up
by the domain-api-http services on localhost:9990/domain-api via the
jbossweb connectors (localhost:8080/domain-api by default), so I created
a org.jboss.as.web.domain.{DomainApiContextService,DomainApiServlet}
pair that does this. I only have the GET access working at the moment,
but wanted feedback on how to proceed as the DomainApiServlet has to
duplicate a lot of the domain-api-http
org.jboss.as.domain.http.server.DomainApiHandler because of the servlet
api vs org.jboss.com.sun.net.httpserver differences. It is relatively
easy to refactor the DomainApiHandler to isolate the differences so that
the bulk of the code can be used by the DomainApiServlet, but before
doing that I wanted some feedback on the changes so far:
https://github.com/starksm64/jboss-as/commit/03cc9156e05358f3e1a6d36c4df7...
Should this be in the web module or factored out into a new module that
depends on domain-api-http and web?
_______________________________________________
jboss-as7-dev mailing list
jboss-as7-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
--
Brian Stansberry
Principal Software Engineer
JBoss by Red Hat