Darran Lofthouse created AS7-4660: ------------------------------------- Summary: Revisit Admin Console authentication moving from browser to console Key: AS7-4660 URL: https://issues.jboss.org/browse/AS7-4660 Project: Application Server 7 Issue Type: Task Components: Console, Security Reporter: Darran Lofthouse Assignee: Darran Lofthouse Fix For: 7.2.0.Alpha1 At the moment we leave the browser to handle the HTTP authentication, the problem this causes is that browsers don't contain a simple way to forget credentials they have currently hashed so we have ended up with a work around to emulate a log out. This task is to re-visit adding the authentication back into the admin console within the java script - as we are using GWT I would suggest we try and visit it in a way that other GWT developers developing their own consoles could make use of. At a central location we need to intercept all HTTP requests for the console and generate the Digest responses as required - the Logout link can then just clean the credentials cached in the console rather than being cached by the browser. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira