Hi,

we recently ran into an issue that the webconsole in an application was 
accessible with the default user credentials because the configuration was not 
picked up for some reason. Therefore the following question:


Security for the web console is either set up by adding a configuration or by 
using a WebConsoleSecurityProvider. If I understand it correctly, both 
mechanisms are optional and loaded dynamically. Doesn't that mean that if those 
configs/services are temporarily not (yet) available, which can happen even 
during normal operation, e.g. during application startup, access to the 
webconsole is not secured anymore? If yes, wouldn't it be more appropriate to 
make the configuration mandatory instead of optional?


Best regards,

Thomas
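
A small model of the startup window asked about above, added here as an example; it is not part of the original message and is not Apache Felix code. ConsoleGate, Provider and all credential values are hypothetical and constructed; the sketch only contrasts an optional (fail-open) dependency on a security provider with a mandatory (fail-closed) one.

```java
import java.util.concurrent.atomic.AtomicReference;

class ConsoleGate {
    /** Hypothetical stand-in for a dynamically registered security provider. */
    interface Provider { boolean authenticate(String user, String password); }

    // Constructed placeholders for built-in default credentials.
    static final String DEFAULT_USER = "default-user";
    static final String DEFAULT_PASS = "default-pass";

    // Set when the provider service appears, cleared when it goes away.
    private final AtomicReference<Provider> provider = new AtomicReference<>();
    private final boolean providerRequired;

    ConsoleGate(boolean providerRequired) { this.providerRequired = providerRequired; }

    void bind(Provider p)   { provider.set(p); }
    void unbind(Provider p) { provider.compareAndSet(p, null); }

    boolean login(String user, String password) {
        Provider p = provider.get();
        if (p != null) return p.authenticate(user, password);
        // Fail closed: without the provider nobody gets in.
        if (providerRequired) return false;
        // Fail open: fall back to the built-in defaults while the provider is absent.
        return DEFAULT_USER.equals(user) && DEFAULT_PASS.equals(password);
    }

    public static void main(String[] args) {
        Provider real = (u, pw) -> "ops".equals(u) && "constructed-secret".equals(pw);
        ConsoleGate optional = new ConsoleGate(false);
        ConsoleGate mandatory = new ConsoleGate(true);

        // Startup window: the provider has not been registered yet.
        System.out.println("optional, before bind:  " + optional.login(DEFAULT_USER, DEFAULT_PASS));
        System.out.println("mandatory, before bind: " + mandatory.login(DEFAULT_USER, DEFAULT_PASS));

        optional.bind(real);
        mandatory.bind(real);
        System.out.println("optional, after bind:   " + optional.login(DEFAULT_USER, DEFAULT_PASS));
        System.out.println("mandatory, after bind:  " + mandatory.login("ops", "constructed-secret"));

        // The provider's bundle restarts: the same window reopens at runtime.
        optional.unbind(real);
        System.out.println("optional, after unbind: " + optional.login(DEFAULT_USER, DEFAULT_PASS));
    }
}
```

In the optional variant the default credentials are accepted whenever no provider is bound, both before the first registration and after an unregistration; in the mandatory variant every login is refused until a provider is present.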
