[ https://issues.apache.org/jira/browse/TOMEE-450?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13471649#comment-13471649 ]

Romain Manni-Bucau commented on TOMEE-450:
------------------------------------------

added the system property "openejb.profile" (default development)
if set to something else (production for instance)
-> openejb.internal.beans.security.enabled=true
-> the ejbd servlet needs the init parameter "activated" to true to be activated
-> all services are deactivated by default if profile is not the default one, 
you need to edit the conf.d/X.properties file to set disabled = true to 
activate it
-> commented tomee-admin and tomee users in tomcat-users.xml (as tomcat does) 
(it is added if no users are configured and we are in dev profile)

about the UI: since it is secured by security constraints I think that's fine

still some tests to do but the profile feature is being added ;)

                
> TomEE configuration should be secure by default & use a profile manager for 
> development configuration
> -----------------------------------------------------------------------------------------------------
>
>                 Key: TOMEE-450
>                 URL: https://issues.apache.org/jira/browse/TOMEE-450
>             Project: TomEE
>          Issue Type: Improvement
>    Affects Versions: 1.5.0
>            Reporter: Alex the Rocker
>
> TomEE 1.5.0 default configuration is insecure by default, at least with 
> regard to those items:
>   - it comes with predefined users tomee-admin and tomee 
>   - it includes tomee administration UI
> (there are probably more)
> A noticeable improvement for TomEE would be to deliver it "secure by default" 
> and provide a profile management tool (command line is fine) to change its 
> setup in a "developer mode" with admin users & admin UI enabled.
> IBM WebSphere has a tool called profile management tool which allows this 
> kind of setup in a few clicks (with couple of options).

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
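
An added example (not TomEE code and not part of the issue thread): a small audit of the rule discussed above, reporting the predefined users tomee-admin and tomee when they are still live in tomcat-users.xml while "openejb.profile" is set to something other than development. It assumes the JVM options and the file content are passed in as strings; the function names and the sample data are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Account names the issue report lists as predefined in TomEE 1.5.0.
DEFAULT_USERS = {"tomee-admin", "tomee"}

def profile_from_jvm_args(jvm_args):
    """Read -Dopenejb.profile=...; the comment gives 'development' as default."""
    m = re.search(r"(?:^|\s)-Dopenejb\.profile=(\S+)", jvm_args)
    return m.group(1) if m else "development"

def active_default_users(tomcat_users_xml):
    """Default accounts that are live, i.e. not inside an XML comment."""
    root = ET.fromstring(tomcat_users_xml)  # the default parser skips comments
    live = set()
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1]  # tolerate a namespaced root element
        name = el.get("username") or el.get("name")
        if tag == "user" and name in DEFAULT_USERS:
            live.add(name)
    return sorted(live)

def audit(jvm_args, tomcat_users_xml):
    """Findings for a non-development profile that still has default users."""
    profile = profile_from_jvm_args(jvm_args)
    users = active_default_users(tomcat_users_xml)
    if profile != "development" and users:
        return ["profile %r but default user %r is active" % (profile, u)
                for u in users]
    return []

# Constructed sample: one default user live, one commented out.
SAMPLE_USERS_XML = """<tomcat-users>
  <role rolename="tomee-admin"/>
  <user username="tomee-admin" password="example" roles="tomee-admin"/>
  <!-- <user username="tomee" password="example" roles="tomee-admin"/> -->
</tomcat-users>"""

if __name__ == "__main__":
    for finding in audit("-Xmx512m -Dopenejb.profile=production",
                         SAMPLE_USERS_XML):
        print(finding)
```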
