[jboss-jira] [JBoss JIRA] (WFCORE-616) Ensure end users cannot set the ""execute-for-coordinator" operation header via the HTTP interface
Brian Stansberry (JIRA)
issues at jboss.org
Fri Mar 27 14:31:18 EDT 2015
Brian Stansberry created WFCORE-616:
---------------------------------------
Summary: Ensure end users cannot set the ""execute-for-coordinator" operation header via the HTTP interface
Key: WFCORE-616
URL: https://issues.jboss.org/browse/WFCORE-616
Project: WildFly Core
Issue Type: Task
Components: Domain Management
Affects Versions: 1.0.0.Alpha19
Reporter: Brian Stansberry
The "execute-for-coordinator" header is used internally in domain-wide operation execution to indicate that a call is being made on behalf of the DC. End users should not be able to use it.
Client calls that go through the native handling (including HTTP upgrade) have any such header stripped by ModelControllerClientOperationHandler.ExecuteRequestHandler. We need to do the same thing in the domain-http code for non-upgrade HTTP calls.
--
This message was sent by Atlassian JIRA
(v6.3.11#6341)
More information about the jboss-jira
mailing list