Why a security risk?
What the difference if I have a use case where there is the possibility to make wget and than deploy from file system and being able to deploy from HTTP from the beginning? The console is protected with security authentication; I agree that breaking in the server to place the file in the file system and than taking control of JBoss to make the deploy should be more difficult, but the console usually is on a different port and protected from external access and a tool for sysadmin, so why not adding a useful feature to sysadmin?
The web console, in fact (I've looked at the code) just make a two step operation, first upload the file than make the deploy; this to overcome the lack of a single command in the CLI.
The need is to be able to have automatic management of stuff from a central point and thus be able to command the JBoss (but in general a complex environment from tools like puppet, chef or, different approach, solutions that do not want to install things on the JBoss servers, but can operate using the correct credentials).
Right now I can execute a script that deploy stuff from file system calling cli with the correct user and password on the command line, but there is no reference of being able to call the HTTP version of the CLI from curl (still with the constraint of deploy something from the file system).
The constraint of the file system brings the trouble of getting the artifact to be deployed on the master node that means:
1) mounting a nfs share on the server to place the artefacts so that the console will be able to deploy
2) using GIT to obtain the same result (you get versioning at the cost of having to command also GIT and not only the CLI)
3) managing your way to copy the file (maybe with puppet etc) and than using the CLI
Since in the code of the CLI you get the path and use as a String to create the File there could be the option to get the URI and downloading the object (maybe with problems of timeout and deployment problems, but that could be a good place to manage this stuff, is something that we should in any case address and in this way it could be addresses at the source of the operation)
My need is to be able to deploy the JBoss artifact and than configure other non JBoss stuff from a central point of management and the availability of REST commands to do the job is invaluable to different systems integration; as for now will have to dedicate a shared file repository (be it GIT or NFS or something else) to the deployment process of JBoss since the management application doesn't reside on the JBoss server so the user interact to upload the artifact with another tool that will have to save the file somewhere and than issue a (now shell comand since I've not discovered a HTTP call to execute a deploy) command on JBoss master.
This for me is more security risky since there are lots of pieces that have to be managed externally and more possible points to attack or to fail.
Is there at least a HTTP version of the CLI command to deploy?
I've tryed the usual json syntax, but it seems that deploy is not an operation supported.