Qpid
  1. Qpid
  2. QPID-4705

[Java Broker] restrict access to web management interfaces to authenticated and authorised users only

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Blocker Blocker
    • Resolution: Fixed
    • Affects Version/s: 0.18, 0.20, 0.22
    • Fix Version/s: 0.22
    • Component/s: Java Broker
    • Labels:
      None

      Description

      In previous releases the default configuration allowed anonymous users to view and perform a limited set of operations via the new web management interface, with ability to restrict these via the ACLs. For the 0.22 release, the broker-level configuration model has been replaced and is now entirely configurable via the web management interface, exposing additional configuration for viewing and/or manipulation that was previously either not exposed via HTTP or only read-only.

      Now that functionality such as configuring the used authentication providers, ports, SSL, etc can done via the web interface it should be authenticated by default, with anonymous access only being provided where the user explicitly assigns the anonymous authentication provider to the HTTP(S) port/ports in use.

        Activity

        Hide
        Robbie Gemmell added a comment -

        r1465590 merged to 0.22 branch via: http://svn.apache.org/r1469865

        Show
        Robbie Gemmell added a comment - r1465590 merged to 0.22 branch via: http://svn.apache.org/r1469865
        Hide
        Justin Ross added a comment -

        Reviewed by Robbie. Approved for 0.22.

        Show
        Justin Ross added a comment - Reviewed by Robbie. Approved for 0.22.
        Hide
        Robbie Gemmell added a comment - - edited

        Changes look good to me. Agreed that we should request these for inclusion in 0.22.

        Show
        Robbie Gemmell added a comment - - edited Changes look good to me. Agreed that we should request these for inclusion in 0.22.
        Hide
        Alex Rudyy added a comment -

        Robbie,
        Could you please review the changes made in a revision http://svn.apache.org/r1465590 ?

        Show
        Alex Rudyy added a comment - Robbie, Could you please review the changes made in a revision http://svn.apache.org/r1465590 ?

          People

          • Assignee:
            Robbie Gemmell
            Reporter:
            Alex Rudyy
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development