[jboss-as7-dev] Unresolved issues with lock down by default

Benjamin Browning bbrowning at redhat.com
Fri Nov 11 08:22:39 EST 2011 

>From the TorqueBox side of things I definitely don't want to tell our users to create a username / password combo before they can deploy things. So, this means either sticking with the file system deployments long-term or undoing this secure by default in the TorqueBox distribution.

Ben

On Nov 11, 2011, at 5:48 AM, Max Rydahl Andersen wrote:

> 
> What's the strategy/status for Arquillian, Maven deploys, etc ? This affects quick starts, tutorials etc. for the Beta launch. 
> 
> I got mail from Darran on adding support for this in tools - not sure what we will be
> able to do with so short warning.
> 
> But i'm interested in hearing what the others will be doing - do they even support passing in username/passwords ?
> 
> …but now i'm truly happy we got Filesystem deployment "api" so I can actually work without
> users setting these things up - or will that also be disabled by default ? 
> 
> /max
> 
> On Nov 10, 2011, at 20:35, Jason T. Greene wrote:
> 
>> Ok so I merged the lock down patch after a clean integration run but 
>> there are still some issues we need to resolve before releasing:
>> 
>> 1. The CLI hangs if you enter an invalid name/password ONCE (oops!)
>>   1a) Once an invalid password is entred the server will not shutdown
>>       cleanly, it hanges
>> 2. The log message is too early and will go easily unnoticed
>> 3. The web console doesnt tell you what to do
>> 4. The digest tool doesnt actually edit the file for you (kind of a pain)
>> 5. It would be nice if the CLI shell script could detect that the file 
>> is empty and tell you what to do
>> 
>> I think we should modify the CLI to somehow tell you that you need to 
>> run a password.
>> 
>> On 11/9/11 2:55 PM, Darran Lofthouse wrote:
>>> Are there any projects out there calling AS7 as part of their own testsuite?
>>> 
>>> AS7 is about to be secured by default so some minor changes are likely
>>> to be needed to add a user to the AS7 installation and then make the
>>> invocations as that user.
>>> 
>>> Within the AS7 testsuite we will have examples of the various calls into
>>> the management interfaces with CallbackHandlers and Authenticators
>>> handling this.  If you can point me to where you project makes the calls
>>> I can point you to the appropriate example in the AS7 testsuite.
>>> 
>>> Regards,
>>> Darran Lofthouse.
>>> _______________________________________________
>>> jboss-as7-dev mailing list
>>> jboss-as7-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
>> 
>> 
>> -- 
>> Jason T. Greene
>> JBoss AS Lead / EAP Platform Architect
>> JBoss, a division of Red Hat
>> _______________________________________________
>> jboss-as7-dev mailing list
>> jboss-as7-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
> 
> /max
> http://about.me/maxandersen
> 
> 
> 
> 
> _______________________________________________
> jboss-as7-dev mailing list
> jboss-as7-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev

More information about the jboss-as7-dev mailing list