[jboss-as7-dev] Secure HTTP API Endpoint
Andrig Miller
anmiller at redhat.com
Thu May 26 10:51:36 EDT 2011
I know that from the security side of things, we are trying to make sure that usernames and passwords don't end up in configuration files.
I think we should rope in Anil and company into this discussion.
Andy
----- Original Message -----
> From: "Heiko Braun" <hbraun at redhat.com>
> To: "Remy Maucherat" <rmaucher at redhat.com>
> Cc: jboss-as7-dev at lists.jboss.org
> Sent: Thursday, May 26, 2011 1:57:08 AM
> Subject: Re: [jboss-as7-dev] Secure HTTP API Endpoint
>
>
> In general I would agree with your approach.
>
> But AFAIK the HTTP API endpoint doesn't support authorization
> schemes.
> So no roles in this case.
>
> On May 26, 2011, at 9:39 AM, Remy Maucherat wrote:
>
> > The right solution is to require some special role for any admin or
> > management operations, but not provide any default user having it.
> > So,
> > locked down by default.
>
> _______________________________________________
> jboss-as7-dev mailing list
> jboss-as7-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
>
More information about the jboss-as7-dev
mailing list