Forcing authentication when accessing management API locally

vmikulcic Mar 27, 2013 4:47 AM

I'm building an web service that will enable users to add and remove JNDI datasources remotely.

I tried connecting to the management API with ModelControllerClient.Factory.create, but it always connects regardless of the credentials sent.

Following the tip from: https://community.jboss.org/wiki/AS710Beta1-SecurityEnabledByDefault#comment-8608 I removed read access from the auth folder and that works (i.e. only then actually throws an exception on wrong credentials), but mantaining that on 500+ JBoss instalations on various platforms would be a nightmare.

If possible, I would like to use the mechanism from the web management application that authenticates users with JBoss credentials to allow access only to the users that know their JBoss credentials.

But so far from looking at the web management app code I haven't figured out where and how this is done.

Any help would be most appreciated

1. Re: Forcing authentication when accessing management API locally

dlofthouse Mar 27, 2013 5:15 AM (in response to vmikulcic)

What AS version are you currently using? You may want to try the EAP 6.1.0 Alpha release - in the later releases we added the <local /> element to the realm definitions to give users the ability to remove it to disable local authenitcation as an option.
Actions
2. Re: Forcing authentication when accessing management API locally

vmikulcic Mar 27, 2013 6:16 AM (in response to dlofthouse)

We're using JBoss AS 7.1.1.Final

Just tried it with 7.1.3 and removed the <local default-user="$local"/> from ManagementRealm in standalone.xml and it works like a charm

Thank you!
Actions

Go to original post