[jboss-as7-dev] Out of the Box - Management API Security

[Darran Lofthouse]

On a separate thread it appears there will be no domain support for the 
properties files anyway and applications using them will need to bundle 
them in their own deployment: -

http://community.jboss.org/thread/162307?tstart=0

So this now leads to the question for the out of the box case how would 
we want users and their roles to be stored / distributed across the 
domain?  And if this is a custom store of some sort should the users and 
their roles be manageable through the management APIs.

Regards,
Darran Lofthouse.


On 02/07/2011 03:15 PM, Andrig Miller wrote:
>
>
> ----- Original Message -----
>> From: "Darran Lofthouse"<darran.lofthouse at jboss.com>
>> To: jboss-as7-dev at lists.jboss.org
>> Sent: Monday, February 7, 2011 7:26:39 AM
>> Subject: [jboss-as7-dev] Out of the Box - Management API Security
>>  From the requirements the APIs used to access the server need to be
>> secured and there also needs to be the possibility of integrating with
>> existing infrastructure - however what do we need for the out of the
>> box
>> experience?
>>
>> Within prior AS releases default security configuration would
>> generally
>> be provided using login modules that read the users, their password
>> and
>> their roles from properties files. These files would be static and for
>> updates they would need to be edited by hand.
>>
>> For AS7 would we also use a statically defined approach like this or
>> for
>> the out of the box security configuration would we be looking for an
>> approach where the users and their roles can also be configured
>> through
>> the management APIs?
>
> I would personally love to see the properties files disappear.  It has always felt crude.
>
> Andy
>
>>
>> Regards,
>> Darran Lofthouse.
>> _______________________________________________
>> jboss-as7-dev mailing list
>> jboss-as7-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev