[jboss-dev-forums] [Design of JBoss jBPM] - security in the console

[tom.baeyens@jboss.com]

i think it is a plus that the webapp can also work without security.  but i would like the security to be reinstalled in the console by default.  also we should make sure that there is a user for each role: admin, user and manager.

only that way we can add some scenarios in the documentation, movies or tutorials and show how the console presents itself to those roles and  in those scenarios.

especially the task list feature is something that we can't show properly if users don't need to log in.

the way i interpreted the feedback of the se's that we should add more focus to admins, not limit the console to administrators as seems to be the case now.

i think that exposing the usernames and passwords on the home page is good.  then it's good for evaluation purposes.  and also people know immediately that you can't put this into production as is.   with the god identity management UI that you've added, people can easily delete all users and avoid that security risk.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4054622#4054622

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4054622