[jbosstools-issues] [JBoss JIRA] Issue Comment Edited: (JBIDE-9211) Support authentication on AS7 management operations
Andre Dietisheim (JIRA)
jira-events at lists.jboss.org
Fri Jul 22 10:20:23 EDT 2011
[ https://issues.jboss.org/browse/JBIDE-9211?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12615926#comment-12615926 ]
Andre Dietisheim edited comment on JBIDE-9211 at 7/22/11 10:19 AM:
-------------------------------------------------------------------
there's a documentation that lists the supported transport level mechanisms for authentication in the management API:
http://community.jboss.org/wiki/ManagementAPISecurityTransportAuthentication
A slightly more extensive discussion is found here:
http://community.jboss.org/wiki/ManagementAPISecurityAuthenticationMechanisms
There's also a (possible) sample config here:
http://community.jboss.org/wiki/ManagementAPISecurityPossibleConfigurationSample
The default configuration that is shipped with as7 uses a properties file:
{code}
<security-realms>
<security-realm name="PropertiesMgmtSecurityRealm">
<authentication>
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" />
</authentication>
</security-realm>
</security-realms>
{code}
The referenced properties file (mgmt-users.properties) has no entries and therefore allows anybody to log in.
{code}
#Format: username=password
#
#admin=admin
{code}
was (Author: adietish):
there's a documentation that lists the supported transport level mechanisms for authentication in the management API:
http://community.jboss.org/wiki/ManagementAPISecurityTransportAuthentication
There's also a (possible) sample config here:
http://community.jboss.org/wiki/ManagementAPISecurityPossibleConfigurationSample
The default configuration that is shipped with as7 uses a properties file:
{code}
<security-realms>
<security-realm name="PropertiesMgmtSecurityRealm">
<authentication>
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" />
</authentication>
</security-realm>
</security-realms>
{code}
The referenced properties file (mgmt-users.properties) has no entries and therefore allows anybody to log in.
> Support authentication on AS7 management operations
> ---------------------------------------------------
>
> Key: JBIDE-9211
> URL: https://issues.jboss.org/browse/JBIDE-9211
> Project: Tools (JBoss Tools)
> Issue Type: Bug
> Components: JBossAS
> Reporter: Max Rydahl Andersen
> Assignee: Andre Dietisheim
> Priority: Blocker
> Fix For: 3.3.0.M3
>
>
> AS7 server management API can be secured we should investigate how that would affect users of JBoss tools
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jbosstools-issues
mailing list