[wildfly-dev] WFLY-705: how should access restrictions get configured?

Darran Lofthouse darran.lofthouse at jboss.com
Mon Dec 16 12:28:12 EST 2013


Personally I don't believe this is something that belongs under access 
control - this is not about changing what the user can access based on 
their client or address this is about preventing HTTP connections from 
known bad clients or locations.

As we enable cross origin request handling we are placing a certain 
amount of trust in the users browser, one purpose of this change is to 
prevent known buggy broswer versions from being able to connect to the 
HTTP management interface.

Regards,
Darran Lofthouse.


On 16/12/13 17:08, André Dietisheim wrote:
> Hi
>
> I'm trying to come up with implementation for
> https://issues.jboss.org/browse/WFLY-705 where a user should be able to
> restrict access to the management service by IP and UserAgent. The
> filters are implemented and now I'm up to come up with the configuration
> options. I'm thus asking for input.
>
>  From a noob (sorry, I'm not very intimate with wildfly/undertow yet)
> perspective <access-control> looks like a compelling tag to be nested
> into <management-interfaces><http-interface>. Even though
> <access-control> is used for RBAC currently, the code for it looks
> abstract enough to get reused.
>
> Any ideas?
>
> Cheers
> André
>
>
> _______________________________________________
> wildfly-dev mailing list
> wildfly-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/wildfly-dev
>


More information about the wildfly-dev mailing list