[wildfly-dev] WFLY-705: how should access restrictions get configured?
Brian Stansberry
brian.stansberry at redhat.com
Mon Dec 16 16:50:25 EST 2013
Darran,
How does this related to the notion we've chatted about of incorporate
environmental factors into role mapping?
- Brian
On 12/16/13 11:28 AM, Darran Lofthouse wrote:
> Personally I don't believe this is something that belongs under access
> control - this is not about changing what the user can access based on
> their client or address this is about preventing HTTP connections from
> known bad clients or locations.
>
> As we enable cross origin request handling we are placing a certain
> amount of trust in the users browser, one purpose of this change is to
> prevent known buggy broswer versions from being able to connect to the
> HTTP management interface.
>
> Regards,
> Darran Lofthouse.
>
>
> On 16/12/13 17:08, André Dietisheim wrote:
>> Hi
>>
>> I'm trying to come up with implementation for
>> https://issues.jboss.org/browse/WFLY-705 where a user should be able to
>> restrict access to the management service by IP and UserAgent. The
>> filters are implemented and now I'm up to come up with the configuration
>> options. I'm thus asking for input.
>>
>> From a noob (sorry, I'm not very intimate with wildfly/undertow yet)
>> perspective <access-control> looks like a compelling tag to be nested
>> into <management-interfaces><http-interface>. Even though
>> <access-control> is used for RBAC currently, the code for it looks
>> abstract enough to get reused.
>>
>> Any ideas?
>>
>> Cheers
>> André
>>
>>
>> _______________________________________________
>> wildfly-dev mailing list
>> wildfly-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/wildfly-dev
>>
> _______________________________________________
> wildfly-dev mailing list
> wildfly-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/wildfly-dev
>
--
Brian Stansberry
Principal Software Engineer
JBoss by Red Hat
More information about the wildfly-dev
mailing list