GLASSFISH-19436

4.0 needs to restrict direct admin user access to instances so such connections are allowed to do only read operations

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 4.0_b66
    • Fix Version/s: 4.0_b70
    • Component/s: admin
    • Labels: None

      Description

      In 3.x GlassFish completely denies user admin access directly to instances. The rework of the admin protocol to use ReST combined with the move to separate authentication and authorization has broken this. GlassFish 4.0 needs to prevent admin users from performing update operations by connecting directly to instances.

      In an e-mail exchange with the security team I suggested a couple of alternatives, and Jeff prefers (as I do) using the authorization service to control this, rather than (as in 3.x) totally shutting off direct admin access to instances. (There are some cases - such as metrics - where that's useful.)

          People

          • Assignee: Tim Quinn
          • Reporter: Tim Quinn