Bug 778457 (SOA-935)

Summary: Access restrictions inconsistent between legacy SOA-P consoles and JON enterprise console
Product: [JBoss] JBoss Enterprise SOA Platform 4 Reporter: Len DiMaggio <ldimaggi>
Component: Documentation, Configuration, Monitoring and ManagementAssignee: tcunning
Status: CLOSED WONTFIX QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: 4.3 IR5   
Target Milestone: ---   
Target Release: 4.3 CP05   
Hardware: Unspecified   
OS: Unspecified   
URL: http://jira.jboss.org/jira/browse/SOA-935
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-03-21 01:21:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Len DiMaggio 2008-10-10 18:46:22 UTC 
Affects: Documentation (Ref Guide, User Guide, etc.), Release Notes
Date of First Response: 2008-10-14 04:36:39
project_key: SOA

As of the 4.2 SOA-P release, access to the consoles (hostname:8080) is restricted to localhost by default. The enterprise console (hostname:7080) in contrast is open by default.
Comment 2 Mark Little 2008-10-11 08:51:33 UTC 
Affects: Added: [Documentation (Ref Guide, User Guide, etc.), Release Notes]
Comment 3 Dana Mison 2008-10-14 08:36:39 UTC 
To clarify:
The standard JBoss ESB Management Console can only be accessed from localhost by default.

This limitation does not apply to JON

Is the intent in the "JON for SOA" product to restrict JON by default as well ?

I'm a little unclear as to exactly what I am telling the customer.  How does this relate to SOA?  JON (even the JON for SOA) is a seperate product isn't it?
Comment 5 Dana Mison 2008-10-15 07:35:21 UTC 
The following text is being included to the JON material in the SOA4.3 Administration Guide.

WARNING
Access to the JON console is not retricted to the local server like the embedded JBoss SOA Platform consoles are.  This grants you greater freedom in its use but also means you cannot rely on those restrictions to ensure the security of the JON console.
Comment 6 Len DiMaggio 2009-02-26 01:34:39 UTC 
Assigning to QE to verify that the change is (also) in the 4.3 CP01 docs.
Comment 7 Len DiMaggio 2009-03-05 20:08:00 UTC 
Changed fixed-in version to CP02 - fix will be verified when a new version of JON is available.
Comment 8 Len DiMaggio 2009-09-09 01:15:15 UTC 
Still an issue as of JON 2.3 - SOA-P 4.3 CP02
Comment 9 Aleksandar Kostadinov 2010-01-23 09:28:00 UTC 
Link: Added: This issue is related to JBPAPP-3520
Comment 10 David Le Sage 2010-02-23 02:42:12 UTC 
This warning text is still currently present in the 4.3.CP03 Admin Guide.  Please confirm before CP release goes live if it should be in or out. 


Thanks and cheers.
Comment 11 Anne-Louise Tangring 2010-02-25 18:39:14 UTC 
This issue is not approved for SOA 4.3 CP03. If this needs to be reconsidered, please raise the issue with the SOA PM team.
Comment 12 tcunning 2011-02-23 15:17:08 UTC 
Per 2/22/11 SOA-P PM meeting, closing as won't fix.
Comment 13 David Le Sage 2011-03-21 01:20:25 UTC 
Temporarily reopening to update release note info.
Comment 14 David Le Sage 2011-03-21 01:20:51 UTC 
Release Notes Docs Status: Added: Not Required
Writer: Added: dlesage