[jboss-as7-dev] Secure HTTP API Endpoint
Remy Maucherat
rmaucher at redhat.com
Thu May 26 03:39:35 EDT 2011
On Thu, 2011-05-26 at 09:22 +0200, Heiko Braun wrote:
> I would suggest we do provide an out-the-box config that secures the HTTP endpoint:
>
> <management>
>   <security-realms>
>     <security-realm name="ManagementRealm">
>       <authentication>
>         <users>
>           <user username="admin">
>             <password>password</password>
>           </user>
>         </users>
>       </authentication>
>     </security-realm>
>   </security-realms>
> </management>
>
> Any objections or good reasons not to do it?
The right solution is to require some special role for any admin or
management operations, but not provide any default user having it. So,
locked down by default.
--
Remy Maucherat <rmaucher at redhat.com>
Red Hat Inc
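
Added example, not part of the original thread and not JBoss project code: a packaging-time check in Python that reads a management configuration in the layout quoted above and reports every user shipped with a password, so a default config carrying a credential can be rejected before release. The second sample (the same realm with an empty `users` element) and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the realm proposed in the quoted message.
PROPOSED = """
<management><security-realms>
  <security-realm name="ManagementRealm"><authentication><users>
    <user username="admin"><password>password</password></user>
  </users></authentication></security-realm>
</security-realms></management>
"""

# Constructed sample (assumption): the same realm with no user defined.
LOCKED_DOWN = """
<management><security-realms>
  <security-realm name="ManagementRealm"><authentication>
    <users/>
  </authentication></security-realm>
</security-realms></management>
"""


def _local(tag):
    """Drop an XML namespace prefix so namespaced configs are handled too."""
    return tag.rsplit("}", 1)[-1]


def shipped_credentials(xml_text):
    """Return (realm, username) for every user with a password in the file."""
    findings = []
    root = ET.fromstring(xml_text)
    for realm in root.iter():
        if _local(realm.tag) != "security-realm":
            continue
        for user in realm.iter():
            if _local(user.tag) != "user":
                continue
            has_pw = any(_local(c.tag) == "password" and (c.text or "").strip()
                         for c in user)
            if has_pw:
                findings.append((realm.get("name"), user.get("username")))
    return findings


if __name__ == "__main__":
    for label, cfg in (("proposed", PROPOSED), ("locked down", LOCKED_DOWN)):
        print(label, shipped_credentials(cfg))
```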