[jboss-as7-dev] Unresolved issues with lock down by default

Jason T. Greene jason.greene at redhat.com
Fri Nov 11 09:37:08 EST 2011


I don't think this is a problem for you guys because you replace 
standalone.xml. As long as you don't include the auth section it will no 
longer require auth.

On 11/11/11 7:22 AM, Benjamin Browning wrote:
> From the TorqueBox side of things I definitely don't want to tell our users to create a username / password combo before they can deploy things. So, this means either sticking with the file system deployments long-term or undoing this secure by default in the TorqueBox distribution.
>
> Ben
>
> On Nov 11, 2011, at 5:48 AM, Max Rydahl Andersen wrote:
>
>>
>> What's the strategy/status for Arquillian, Maven deploys, etc.? This affects quick starts, tutorials etc. for the Beta launch.
>>
>> I got mail from Darran on adding support for this in tools - not sure what we will be
>> able to do with so short warning.
>>
>> But I'm interested in hearing what the others will be doing - do they even support passing in username/passwords?
>>
>> …but now I'm truly happy we got Filesystem deployment "api" so I can actually work without
>> users setting these things up - or will that also be disabled by default?
>>
>> /max
>>
>> On Nov 10, 2011, at 20:35, Jason T. Greene wrote:
>>
>>> Ok so I merged the lock down patch after a clean integration run but
>>> there are still some issues we need to resolve before releasing:
>>>
>>> 1. The CLI hangs if you enter an invalid name/password ONCE (oops!)
>>>    1a) Once an invalid password is entered the server will not shut down
>>>        cleanly, it hangs
>>> 2. The log message is too early and will go easily unnoticed
>>> 3. The web console doesn't tell you what to do
>>> 4. The digest tool doesn't actually edit the file for you (kind of a pain)
>>> 5. It would be nice if the CLI shell script could detect that the file
>>> is empty and tell you what to do
>>>
>>> I think we should modify the CLI to somehow tell you that you need to
>>> run a password.
>>>
>>> On 11/9/11 2:55 PM, Darran Lofthouse wrote:
>>>> Are there any projects out there calling AS7 as part of their own testsuite?
>>>>
>>>> AS7 is about to be secured by default so some minor changes are likely
>>>> to be needed to add a user to the AS7 installation and then make the
>>>> invocations as that user.
>>>>
>>>> Within the AS7 testsuite we will have examples of the various calls into
>>>> the management interfaces with CallbackHandlers and Authenticators
>>>> handling this.  If you can point me to where your project makes the calls
>>>> I can point you to the appropriate example in the AS7 testsuite.
>>>>
>>>> Regards,
>>>> Darran Lofthouse.
>>>> _______________________________________________
>>>> jboss-as7-dev mailing list
>>>> jboss-as7-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
>>>
>>>
>>> --
>>> Jason T. Greene
>>> JBoss AS Lead / EAP Platform Architect
>>> JBoss, a division of Red Hat
>>
>> /max
>> http://about.me/maxandersen
>>
>


-- 
Jason T. Greene
JBoss AS Lead / EAP Platform Architect
JBoss, a division of Red Hat

