2 Replies Latest reply on Mar 27, 2013 6:16 AM by Vedran Mikulcic

    Forcing authentication when accessing management API locally

    Vedran Mikulcic Newbie

      I'm building an web service that will enable users to add and remove JNDI datasources remotely.

       

      I tried connecting to the management API with ModelControllerClient.Factory.create, but it always connects regardless of the credentials sent.

      Following the tip from: https://community.jboss.org/wiki/AS710Beta1-SecurityEnabledByDefault#comment-8608 I removed read access from the auth folder and that works (i.e. only then actually throws an exception on wrong credentials), but mantaining that on 500+ JBoss instalations on various platforms would be a nightmare.


      If possible, I would like to use the mechanism from the web management application that authenticates users with JBoss credentials to allow access only to the users that know their JBoss credentials.

      But so far from looking at the web management app code I haven't figured out where and how this is done.

       

      Any help would be most appreciated