[wildfly-dev] Subsystems changing their own configuration model

Tristan Tarrant ttarrant at redhat.com
Wed Sep 14 05:37:42 EDT 2016


On 14/09/16 11:24, Darran Lofthouse wrote:
> On 14/09/16 09:54, Tristan Tarrant wrote:
>> Well, it is a protocol operation which has a management side-effect. The
>> way we have approached that in other similar situations is to either
>> require access through a loopback interface or require authentication
>> and authorization be enabled on the endpoint and an Admin permission on
>> the subject requesting the operation. Note however that the Hot Rod
>> endpoint would be using a different security realm compared to the
>> management one.
> FYI for WildFly 11 if a call remains in-VM and goes from the application
> to the management tier we will have a mechanism for the identity to be
> inflowed to the security domain used for management which will allow
> management access control to be used.
That would require the identity to be present in both "security realms" 
(or whatever their equivalent is in WF11) ?

Tristan

-- 
Tristan Tarrant
Infinispan Lead
JBoss, a division of Red Hat



More information about the wildfly-dev mailing list