Uploaded image for project: 'Qpid'
  1. Qpid
  2. QPID-4705

[Java Broker] restrict access to web management interfaces to authenticated and authorised users only

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 0.18, 0.20, 0.22
    • Fix Version/s: 0.22
    • Component/s: Broker-J
    • Labels:
      None

      Description

      In previous releases the default configuration allowed anonymous users to view and perform a limited set of operations via the new web management interface, with ability to restrict these via the ACLs. For the 0.22 release, the broker-level configuration model has been replaced and is now entirely configurable via the web management interface, exposing additional configuration for viewing and/or manipulation that was previously either not exposed via HTTP or only read-only.

      Now that functionality such as configuring the used authentication providers, ports, SSL, etc can done via the web interface it should be authenticated by default, with anonymous access only being provided where the user explicitly assigns the anonymous authentication provider to the HTTP(S) port/ports in use.

        Attachments

          Activity

            People

            • Assignee:
              gemmellr Robbie Gemmell
              Reporter:
              alex.rufous Alex Rudyy
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: