[jboss-jira] [JBoss JIRA] (AS7-2429) Implement a User Agent and Remote Address Filter for the HTTP Management Interface

Tommy Tynjä (JIRA) jira-events at lists.jboss.org
Mon Apr 2 02:03:47 EDT 2012 

    [ https://issues.jboss.org/browse/AS7-2429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12680826#comment-12680826 ] 

Tommy Tynjä commented on AS7-2429:
----------------------------------

Yes, I started working on the issue before the new year, after that it has unfortunatly just been lying around due to some other obligations. I should be able to pick this up again and resume the work. What I've done is to encapsulate the incoming request and only call processRequest if the User-Agent is specified in a list of allowed User-Agents. The next step is to add a feature which allows you to set/configure the list of allowed user agents. Question is how this should be done? Through the admin-console, configuration file and/or something else? We can continue the discussion in the developer forum or on IRC.
                
> Implement a User Agent and Remote Address Filter for the HTTP Management Interface
> ----------------------------------------------------------------------------------
>
>                 Key: AS7-2429
>                 URL: https://issues.jboss.org/browse/AS7-2429
>             Project: Application Server 7
>          Issue Type: Feature Request
>          Components: Domain Management, Security
>            Reporter: Darran Lofthouse
>            Assignee: Tommy Tynjä
>             Fix For: Open To Community
>
>
> The HTTP Management interface provides access to manage the domain model, this interface is partly dependent on the protection supplied by an end users web browser.
> This feature request is to optionally filter inbound requests based on a configurable list of supported user agents and or remote addresses - this will mean buggy browser versions can be excluded and remote clients restricted.
> Anyone interested in contributing please feel free to ping darranl in #jboss-as7.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list