[jboss-jira] [JBoss JIRA] (AS7-4769) Adjust /management context to return HTTP status 403 and a DMR response instead of a redirect when no users defined.

Darran Lofthouse (JIRA) jira-events at lists.jboss.org
Tue Jul 3 12:03:12 EDT 2012 

     [ https://issues.jboss.org/browse/AS7-4769?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse updated AS7-4769:
----------------------------------

    Summary: Adjust /management context to return HTTP status 403 and a DMR response instead of a redirect when no users defined.  (was: Remove no users redirect from /management context)

    
> Adjust /management context to return HTTP status 403 and a DMR response instead of a redirect when no users defined.
> --------------------------------------------------------------------------------------------------------------------
>
>                 Key: AS7-4769
>                 URL: https://issues.jboss.org/browse/AS7-4769
>             Project: Application Server 7
>          Issue Type: Task
>          Components: Domain Management, Security
>            Reporter: Darran Lofthouse
>            Assignee: Darran Lofthouse
>             Fix For: 7.1.3.Final (EAP), 7.2.0.Alpha1
>
>
> For AS 7.1.0 we secured the server by default, to make getting started easier we added an automatic redirect on the http interface if a user attempts to connect but no users have been defined, currently this redirect is on both /console and /management
> We need to remove the redirect on /management as utilities connecting to this context may not be web browsers with an ability to do anything about the redirect.  
> Instead consider a HTTP 403 with a DMR response indicating no users have been defined, the error message could even contain the URL of the error page allowing users to move from the tool to their web browser to see the page we provide.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list