[teiid-issues] [JBoss JIRA] Resolved: (TEIID-1055) Secure profile service access

Ramesh Reddy (JIRA) jira-events at lists.jboss.org
Tue Jul 20 15:06:52 EDT 2010 

     [ https://jira.jboss.org/browse/TEIID-1055?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ramesh Reddy resolved TEIID-1055.
---------------------------------

    Resolution: Done


With the implementation style used to fix the TEIID-1142, this is automatically resolved. The profile service is now passed to the Teiid Engine as a bean thus requires no authentication for access.  However, the users who are requesting connections over "Admin" channel are subjected to same domain authentication as the "JOPR" does, thus Teiid enforces the same security as JOPR connection. As per JOPR it is has it's own configuration as to how it connects with secure profile service and it is not concern for Teiid.

> Secure profile service access
> -----------------------------
>
>                 Key: TEIID-1055
>                 URL: https://jira.jboss.org/browse/TEIID-1055
>             Project: Teiid
>          Issue Type: Task
>          Components: AdminApi
>    Affects Versions: 7.0
>            Reporter: Ramesh Reddy
>            Assignee: Ramesh Reddy
>             Fix For: 7.1
>
>
> As of 7.0 M3 release, the "Profile Service" access is not secure. Currently the JOPR plug-in and Teiid Admin API, force users to authenticate with "jmx-console" security domain, both these do not prevent the direct access to the "Profile Service" EJB directly. 
> Profile Service can be deployed as secure EJB, such that it would require a login context to be authenticated before user has access to this bean. This needs to be configured and tested. Also document, how to configure the profile service as secure service.
> Also, AdminFactory class, which provides Admin connections, need to work with secure "Profile Service".

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the teiid-issues mailing list