From: Heiko Braun <hbraun(a)redhat.com&gt; Date: April 7, 2011 10:59:32 AM GMT+02:00 To: &quot;jboss-as7-dev(a)lists.jboss.org Development" <jboss-as7-dev(a)lists.jboss.org&gt; Subject: [jboss-as7-dev] Security for the management interfaces: Status Quo? When can we expect means to authenticate users that access the management API? Ike _______________________________________________ jboss-as7-dev mailing list jboss-as7-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-as7-dev

Just rebased my security branch on master to get it back up to date, going to be speaking to Brian later today about a change I have been working on to get operation handlers executing in a HostController process and will then be ready to start merging in the initial implementation which to start with will give DIGEST and BASIC auth. Regards, Darran Lofthouse. On 04/14/2011 12:16 PM, Heiko Braun wrote: > > > Resending this one. > > Darran/Anil, what's the status? > > Ike > > Begin forwarded message: > >> *From: *Heiko Braun <hbraun(a)redhat.com <mailto:hbraun@redhat.com>> >> *Date: *April 7, 2011 10:59:32 AM GMT+02:00 >> *To: *&quot;jboss-as7-dev(a)lists.jboss.org >> <mailto:jboss-as7-dev@lists.jboss.org> Development" >> <jboss-as7-dev(a)lists.jboss.org <mailto:jboss-as7-dev@lists.jboss.org>> >> *Subject: **[jboss-as7-dev] Security for the management interfaces: >> Status Quo?* >> >> >> >> When can we expect means to authenticate users that access the >> management API? >> >> Ike >> _______________________________________________ >> jboss-as7-dev mailing list >> jboss-as7-dev(a)lists.jboss.org <mailto:jboss-as7-dev@lists.jboss.org> >> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev > > > > _______________________________________________ > jboss-as7-dev mailing list > jboss-as7-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/jboss-as7-dev

https://issues.jboss.org/browse/JBAS-9256 Darran, I scheduled that for Beta4. The console for Beta3 is locked down so we don't want to introduce anything that will break it. On 4/14/11 7:44 AM, Heiko Braun wrote: > > Is there a Jira I can track? Assuming this will go into Beta4. > > > On Apr 14, 2011, at 2:10 PM, Darran Lofthouse wrote: > >> Just rebased my security branch on master to get it back up to date, going to be speaking to Brian later today about a change I have been working on to get operation handlers executing in a HostController process and will then be ready to start merging in the initial implementation which to start with will give DIGEST and BASIC auth. >> >> Regards, >> Darran Lofthouse. >> >> >> On 04/14/2011 12:16 PM, Heiko Braun wrote: >>> >>> Resending this one. >>> >>> Darran/Anil, what's the status? >>> >>> Ike >>> >>> Begin forwarded message: >>> >>>> *From: *Heiko Braun<hbraun@redhat.com<mailto:hbraun@redhat.com>> >>>> *Date: *April 7, 2011 10:59:32 AM GMT+02:00 >>>> *To: *&quot;jboss-as7-dev(a)lists.jboss.org >>>> <mailto:jboss-as7-dev@lists.jboss.org> Development" >>>> <jboss-as7-dev@lists.jboss.org<mailto:jboss-as7-dev@lists.jboss.org>> >>>> *Subject: **[jboss-as7-dev] Security for the management interfaces: >>>> Status Quo?* >>>> >>>> >>>> >>>> When can we expect means to authenticate users that access the >>>> management API? >>>> >>>> Ike

At this time, we have only validated BASIC and FORM auth for the web container. Marcus is blocked on the CLIENT-CERT work. Darran, you should http/basic for any web apps right now.

On 04/14/2011 08:14 AM, Brian Stansberry wrote: > https://issues.jboss.org/browse/JBAS-9256 > > Darran, I scheduled that for Beta4. The console for Beta3 is locked down > so we don't want to introduce anything that will break it. > > On 4/14/11 7:44 AM, Heiko Braun wrote: >> >> Is there a Jira I can track? Assuming this will go into Beta4. >> >> >> On Apr 14, 2011, at 2:10 PM, Darran Lofthouse wrote: >> >>> Just rebased my security branch on master to get it back up to date, going to be speaking to Brian later today about a change I have been working on to get operation handlers executing in a HostController process and will then be ready to start merging in the initial implementation which to start with will give DIGEST and BASIC auth. >>> >>> Regards, >>> Darran Lofthouse. >>> >>> >>> On 04/14/2011 12:16 PM, Heiko Braun wrote: >>>> >>>> Resending this one. >>>> >>>> Darran/Anil, what's the status? >>>> >>>> Ike >>>> >>>> Begin forwarded message: >>>> >>>>> *From: *Heiko Braun<hbraun@redhat.com<mailto:hbraun@redhat.com>> >>>>> *Date: *April 7, 2011 10:59:32 AM GMT+02:00 >>>>> *To: *&quot;jboss-as7-dev(a)lists.jboss.org >>>>> <mailto:jboss-as7-dev@lists.jboss.org> Development" >>>>> <jboss-as7-dev@lists.jboss.org<mailto:jboss-as7-dev@lists.jboss.org>> >>>>> *Subject: **[jboss-as7-dev] Security for the management interfaces: >>>>> Status Quo?* >>>>> >>>>> >>>>> >>>>> When can we expect means to authenticate users that access the >>>>> management API? >>>>> >>>>> Ike _______________________________________________ jboss-as7-dev mailing list jboss-as7-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-as7-dev