[jboss-jira] [JBoss JIRA] (WFLY-1099) Management Port sharing port 8080

Stuart Douglas (JIRA) issues at jboss.org
Mon Apr 14 18:28:34 EDT 2014 

    [ https://issues.jboss.org/browse/WFLY-1099?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12961788#comment-12961788 ] 

Stuart Douglas edited comment on WFLY-1099 at 4/14/14 6:28 PM:
---------------------------------------------------------------

So just thinking about this I think the config should look something like:

{code)
<http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
   <subsystem-connector name="http"/>
</http-interface>
{code}

If we implement this there is probably also a good chance that users will want to limit access to this in some way, either by source IP or some other mechanism. One possible solution would be to use Undertow predicates:

{code}
<http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
   <subsystem-connector name="http" allow-predicate="regex[value=%{REMOTE_IP}, pattern='$10\..*] and not contains[value=%{i,User-Agent}, search='IE6']"/>
</http-interface>
{code}

[~bstansberry] Does this sound ok to you?

                
      was (Author: swd847):
    So just thinking about this I think the config should look something like:

<http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
   <subsystem-connector name="http"/>
</http-interface>

If we implement this there is probably also a good chance that users will want to limit access to this in some way, either by source IP or some other mechanism. One possible solution would be to use Undertow predicates:

<http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
   <subsystem-connector name="http" allow-predicate="regex[value=%{REMOTE_IP}, pattern='$10\..*] and not contains[value=%{i,User-Agent}, search='IE6']"/>
</http-interface>

[~bstansberry] Does this sound ok to you?

                  
> Management Port sharing port 8080
> ---------------------------------
>
>                 Key: WFLY-1099
>                 URL: https://issues.jboss.org/browse/WFLY-1099
>             Project: WildFly
>          Issue Type: Feature Request
>      Security Level: Public(Everyone can see) 
>          Components: Domain Management
>            Reporter: Jim Tyrrell
>            Assignee: Stuart Douglas
>              Labels: eap6-ux
>
> While it is great and there are many good reason to have a management console on a different port then the standard 8080 web ports, it should be possible to use port 8080 or equivalent for a management console and another port needing to be open should not be required, but can be a selectable feature.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list