Uploaded image for project: 'Thorntail'
  1. Thorntail
  2. THORN-1036

management fraction required for HTTPS

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 2017.3.3
    • Component/s: None
    • Labels:
      None
    • Sprint:
      2017-Mar-A

      Description

      If I want to setup HTTPS, I need to add the management fraction. I understand why: the keystore needs to be added to a security realm which can then be presented to the Undertow subsystem.

      However, there's no way to say "I only want the security realm for Undertow, not the management endpoints". WildFly even reminds me:

      WARN  [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0035: No security realm defined for http management service; all access will be unrestricted.
      

      This can possibly have undesirable security implications, especially given that the management endpoint is by default bound to all network interfaces:

      INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://[0:0:0:0:0:0:0:0]:9990/management
      

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                bob.mcwhirter Bob McWhirter
                Reporter:
                lthon Ladislav Thon
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: