Uploaded image for project: 'Thorntail'
  1. Thorntail
  2. THORN-1036

management fraction required for HTTPS

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 2017.3.3
    • Component/s: None
    • Labels:
      None
    • Sprint:
      2017-Mar-A

      Description

      If I want to setup HTTPS, I need to add the management fraction. I understand why: the keystore needs to be added to a security realm which can then be presented to the Undertow subsystem.

      However, there's no way to say "I only want the security realm for Undertow, not the management endpoints". WildFly even reminds me:

      WARN  [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0035: No security realm defined for http management service; all access will be unrestricted.
      

      This can possibly have undesirable security implications, especially given that the management endpoint is by default bound to all network interfaces:

      INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://[0:0:0:0:0:0:0:0]:9990/management
      

        Attachments

          Activity

            People

            Assignee:
            bob.mcwhirter Bob McWhirter (Inactive)
            Reporter:
            lthon Ladislav Thon
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: