[
https://issues.apache.org/jira/browse/FELIX-6168?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Bosschaert updated FELIX-6168:
------------------------------------
Description:
It should be possible to configure the WebConsole to only accept logins after
specified Security Providers are found.
If these security providers are not yet registered in the Service Registry,
logging in should be disabled. The local plain username/password approach
should not provide the opportunity to log in, in that case.
The configuration to enable this should be provided as a framework property.
This approach is similar to what has been implemented for ConfigAdmin in
FELIX-6059
was:
It should be possible to disable plain username/password access to the
WebConsole.
When disabled, a simple user name and password (such as the default
admin/admin) does not work any more.
The WebConsole Security Provider should be the only enabled mechanism to log in.
Disabling should happen through configuration or a framework property.
> Enable WebConsole login only after specified Security Providers are present
> ---------------------------------------------------------------------------
>
> Key: FELIX-6168
> URL: https://issues.apache.org/jira/browse/FELIX-6168
> Project: Felix
> Issue Type: Bug
> Components: Web Console
> Affects Versions: webconsole-4.3.12
> Reporter: David Bosschaert
> Assignee: David Bosschaert
> Priority: Major
>
> It should be possible to configure the WebConsole to only accept logins after
> specified Security Providers are found.
> If these security providers are not yet registered in the Service Registry,
> logging in should be disabled. The local plain username/password approach
> should not provide the opportunity to log in, in that case.
> The configuration to enable this should be provided as a framework property.
> This approach is similar to what has been implemented for ConfigAdmin in
> FELIX-6059
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
