I know that from the security side of things, we are trying to make sure that usernames
and passwords don't end up in configuration files.
I think we should rope in Anil and company into this discussion.
Andy
----- Original Message -----
From: "Heiko Braun" <hbraun(a)redhat.com>
To: "Remy Maucherat" <rmaucher(a)redhat.com>
Cc: jboss-as7-dev(a)lists.jboss.org
Sent: Thursday, May 26, 2011 1:57:08 AM
Subject: Re: [jboss-as7-dev] Secure HTTP API Endpoint
In general I would agree with your approach.
But AFAIK the HTTP API endpoint doesn't support authorization schemes.
So no roles in this case.
On May 26, 2011, at 9:39 AM, Remy Maucherat wrote:
> The right solution is to require some special role for any admin or
> management operations, but not provide any default user having it. So,
> locked down by default.
_______________________________________________
jboss-as7-dev mailing list
jboss-as7-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-as7-dev