In general I would agree with your approach.
But AFAIK the HTTP API endpoint doesn't support authorization schemes.
So no roles in this case.
On May 26, 2011, at 9:39 AM, Remy Maucherat wrote:
> The right solution is to require some special role for any admin or
> management operations, but not provide any default user having it. So,
> locked down by default.