[jboss-jira] [JBoss JIRA] Created: (JBAS-4388) Place all management web applications, web invokers, etc under a common context root

[Jeff Schnitzer (JIRA)]

Place all management web applications, web invokers, etc under a common context root
------------------------------------------------------------------------------------

                 Key: JBAS-4388
                 URL: http://jira.jboss.com/jira/browse/JBAS-4388
             Project: JBoss Application Server
          Issue Type: Feature Request
      Security Level: Public (Everyone can see)
          Components: Web Console
            Reporter: Jeff Schnitzer
         Assigned To: Darran Lofthouse


In any enterprise environment, administrative interfaces are blocked from the public even if they require a password; administrative interfaces can only be accessed through the internal network or a SSL-secured VPN.  This means the load balancer (or whatever) must block out all the possible management/invocation web apps:

/jmx-console
/web-console
/invoker
/jbossmq-httpil

These paths sometimes change between JBoss versions without any significant announcement, plus services are occasionally added.  This could easily result in unsecured or poorly secured (basic auth) services exposed to the public.

Please put all JBoss-provided webapps under a base context that can easily be blocked to the public:

/jboss/jmx-console
/jboss/web-console
/jboss/invoker
/jboss/jbossmq-httpil

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira