Re: [wildfly-dev] WFLY-705: how should access restrictions get configured?
Personally I don't believe this is something that belongs under access
control - this is not about changing what the user can access based on
their client or address this is about preventing HTTP connections from
known bad clients or locations.
As we enable cross origin request handling we are placing a certain
amount of trust in the users browser, one purpose of this change is to
prevent known buggy broswer versions from being able to connect to the
HTTP management interface.
Regards,
Darran Lofthouse.
On 16/12/13 17:08, André Dietisheim wrote:
Hi
I'm trying to come up with implementation for
https://issues.jboss.org/browse/WFLY-705 where a user should be able to
restrict access to the management service by IP and UserAgent. The
filters are implemented and now I'm up to come up with the configuration
options. I'm thus asking for input.
From a noob (sorry, I'm not very intimate with wildfly/undertow yet)
perspective <access-control> looks like a compelling tag to be nested
into <management-interfaces><http-interface>. Even though
<access-control> is used for RBAC currently, the code for it looks
abstract enough to get reused.
Any ideas?
Cheers
André
_______________________________________________
wildfly-dev mailing list
wildfly-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/wildfly-dev