On 14/09/16 11:24, Darran Lofthouse wrote:
> On 14/09/16 09:54, Tristan Tarrant wrote:
>> Well, it is a protocol operation which has a management side-effect. The
>> way we have approached that in other similar situations is to either
>> require access through a loopback interface or require authentication
>> and authorization be enabled on the endpoint and an Admin permission on
>> the subject requesting the operation. Note however that the Hot Rod
>> endpoint would be using a different security realm compared to the
>> management one.
>
> FYI for WildFly 11 if a call remains in-VM and goes from the application
> to the management tier we will have a mechanism for the identity to be
> inflowed to the security domain used for management which will allow
> management access control to be used.

That would require the identity to be present in both "security realms"
(or whatever their equivalent is in WF11)?

Tristan
--
Tristan Tarrant
Infinispan Lead
JBoss, a division of Red Hat