Re: CSRF prevention filter and Tomcat 5/6

2010-05-11 Thread Tim Funk
+1 to E -Tim On 5/10/2010 11:47 AM, Mark Thomas wrote: On 10/05/2010 13:25, Konstantin Kolinko wrote: Thoughts? It is possible to combine A+C: E. Use a different name for the new role that allows access to GUI interface only, "manager-gui", as well as new "manager-script", "manager-jmx", "

Re: CSRF prevention filter and Tomcat 5/6

2010-05-10 Thread Mark Thomas
On 10/05/2010 13:25, Konstantin Kolinko wrote: Thoughts? It is possible to combine A+C: E. Use a different name for the new role that allows access to GUI interface only, "manager-gui", as well as new "manager-script", "manager-jmx", "manager-status". We can even rename "manager" -> "manage

Re: CSRF prevention filter and Tomcat 5/6

2010-05-10 Thread Konstantin Kolinko
2010/5/7 Mark Thomas :
> I'm trying to decide the best way to back-port the configuration of this to
> the (Host) Manager app in Tomcat 5 & 6.
>
> The requirements are:
> - not to break anything that currently works
> - enable CSRF for the HTML interface
> - the same user cannot have access to the

Re: CSRF prevention filter and Tomcat 5/6

2010-05-07 Thread Tim Funk
D (and possibly B)

In the case of B - instead of commenting out - wrap a filter around it that has default behavior of not being enabled. So it would look like this:

boolean allowTextInterface = false;
init(FilterConfig) {
  String s=System.getProperty("manager.allowTextInterface");
  allowTex

CSRF prevention filter and Tomcat 5/6

2010-05-07 Thread Mark Thomas
I'm trying to decide the best way to back-port the configuration of this to the (Host) Manager app in Tomcat 5 & 6.

The requirements are:
- not to break anything that currently works
- enable CSRF for the HTML interface
- the same user cannot have access to the HTML and text interfaces for the