[jboss-jira] [JBoss JIRA] (AS7-4769) Remove no users redirect from /management context

Darran Lofthouse (JIRA) jira-events at lists.jboss.org
Thu May 10 12:02:17 EDT 2012


     [ https://issues.jboss.org/browse/AS7-4769?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse updated AS7-4769:
----------------------------------

    Description: 
For AS 7.1.0 we secured the server by default. To make getting started easier, we added an automatic redirect on the HTTP interface if a user attempts to connect but no users have been defined. Currently this redirect is on both /console and /management.

We need to remove the redirect on /management as utilities connecting to this context may not be web browsers with an ability to do anything about the redirect.

Instead, consider an HTTP 403 with a DMR response indicating no users have been defined. The error message could even contain the URL of the error page, allowing users to move from the tool to their web browser to see the page we provide.

  was:
For AS 7.1.0 we secured the server by default. To make getting started easier, we added an automatic redirect on the HTTP interface if a user attempts to connect but no users have been defined. Currently this redirect is on both /console and /management.

We need to remove the redirect on /management as utilities connecting to this context may not be web browsers with an ability to do anything about the redirect.

Instead, consider an HTTP 503 with a DMR response indicating no users have been defined. The error message could even contain the URL of the error page, allowing users to move from the tool to their web browser to see the page we provide.



HTTP 403 may be more appropriate as it does indicate authentication will not be sufficient to make the request succeed - we know it will not succeed as there are no users defined in the realm.
                
> Remove no users redirect from /management context
> -------------------------------------------------
>
>                 Key: AS7-4769
>                 URL: https://issues.jboss.org/browse/AS7-4769
>             Project: Application Server 7
>          Issue Type: Task
>          Components: Domain Management, Security
>            Reporter: Darran Lofthouse
>            Assignee: Darran Lofthouse
>             Fix For: 7.1.3.Final (EAP), 7.2.0.Alpha1
>
>
> For AS 7.1.0 we secured the server by default. To make getting started easier, we added an automatic redirect on the HTTP interface if a user attempts to connect but no users have been defined. Currently this redirect is on both /console and /management.
> We need to remove the redirect on /management as utilities connecting to this context may not be web browsers with an ability to do anything about the redirect.
> Instead, consider an HTTP 403 with a DMR response indicating no users have been defined. The error message could even contain the URL of the error page, allowing users to move from the tool to their web browser to see the page we provide.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
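
The behaviour proposed in the description, modelled as an added example that is not part of the original message and is not AS7 code: with no users defined, /console keeps the browser redirect while /management answers 403 with a machine-readable failure whose message carries the error page URL. The ERROR_PAGE path, the JSON rendering of the DMR response and the message wording are assumptions.

```python
import http.client
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

ERROR_PAGE = "/error/index.html"  # hypothetical path of the "no users defined" page


class Handler(BaseHTTPRequestHandler):
    """Models only the state the issue describes: no users defined in the realm."""

    def do_GET(self):
        status, ctype, location = 200, "text/plain", None
        body = b"constructed placeholder for the help page\n"
        if self.path.startswith("/management"):
            # Non-browser clients get a failure they can parse, not a redirect.
            url = "http://%s%s" % (self.headers.get("Host", "localhost"), ERROR_PAGE)
            status, ctype = 403, "application/json"
            body = json.dumps({
                "outcome": "failed",
                "failure-description": "No users have been defined; see " + url,
            }).encode()
        elif self.path.startswith("/console"):
            status, location, body = 302, ERROR_PAGE, b""  # a browser can follow this
        self.send_response(status)
        if location:
            self.send_header("Location", location)
        self.send_header("Content-Type", ctype)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def probe(port, path):
    """GET without following redirects, as a scripted management client would."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", path)
    resp = conn.getresponse()
    result = (resp.status, resp.getheader("Location"), resp.read().decode())
    conn.close()
    return result


def demo():
    """Start the model server on a free local port and probe both contexts."""
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        port = server.server_address[1]
        return probe(port, "/console"), probe(port, "/management")
    finally:
        server.shutdown()
        server.server_close()
```

demo() returns the (status, Location, body) tuples for /console and /management; the second is what a command-line tool would see in place of a redirect it cannot act on.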

        

