Hi Srikanth, This, I agree, is not ok. But unless you registerd the web console to the root /gogo is not a web console URL but something else (or is it typo ?)
By default authentication is using HTTP Basic authentication which by browsers is implemented by caching as long as the browser is running. If your restart the browser or use a different browser, authentication should be requested. Regards Felix > Am 11.11.2016 um 14:52 schrieb srou...@gmail.com: > > Hi, > In this case https://localhost:8443/gogo directly displays karaf console > without asking webconsole authorization credentials. > > Thanks > Srikanth > > Sent from my iPhone > >> On Nov 11, 2016, at 3:24 AM, Felix Meschberger <fmesc...@adobe.com> wrote: >> >> Hi Srikanth >> >> You are already authenticated when you access the web console. I would think >> that the assumption is that double authentication is nonsense. >> >> What we discussed earlier would be some form of access control, so that only >> certain users may access certain features. But AFAICT there has not been any >> work done on this front. >> >> Regards >> Felix >> >>> Am 11.11.2016 um 00:51 schrieb Srikanth Routhu <srou...@gmail.com>: >>> >>> Hi, >>> >>> We are using Karaf 3.0.7 along with webconsole which is authenticated >>> using realm. SSH also uses realm for authentication. But from firefox >>> browser https://localhost:8443/gogo link directly access Karaf console >>> without any authentication. How can we restrict access. >>> >>> Tried restricting “/gogo/*” from web.xml but unsuccessful. >>> >>> >>> >>> Appreciate your help. >>> >>> >>> >>> Thanks >>> >>> Srikanth >> --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@felix.apache.org For additional commands, e-mail: users-h...@felix.apache.org
