Return-Path: X-Original-To: apmail-batchee-dev-archive@minotaur.apache.org Delivered-To: apmail-batchee-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 04FF710D77 for ; Sun, 30 Mar 2014 08:39:51 +0000 (UTC) Received: (qmail 48384 invoked by uid 500); 30 Mar 2014 08:39:50 -0000 Delivered-To: apmail-batchee-dev-archive@batchee.apache.org Received: (qmail 48357 invoked by uid 500); 30 Mar 2014 08:39:49 -0000 Mailing-List: contact dev-help@batchee.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@batchee.incubator.apache.org Delivered-To: mailing list dev@batchee.incubator.apache.org Received: (qmail 48349 invoked by uid 99); 30 Mar 2014 08:39:48 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 30 Mar 2014 08:39:48 +0000 X-ASF-Spam-Status: No, hits=-2000.5 required=5.0 tests=ALL_TRUSTED,RP_MATCHES_RCVD X-Spam-Check-By: apache.org Received: from [140.211.11.3] (HELO mail.apache.org) (140.211.11.3) by apache.org (qpsmtpd/0.29) with SMTP; Sun, 30 Mar 2014 08:39:38 +0000 Received: (qmail 48305 invoked by uid 99); 30 Mar 2014 08:39:15 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 30 Mar 2014 08:39:15 +0000 Date: Sun, 30 Mar 2014 08:39:15 +0000 (UTC) From: "Romain Manni-Bucau (JIRA)" To: dev@batchee.incubator.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (BATCHEE-21) Think about security configuration MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/BATCHEE-21?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13954619#comment-13954619 ] Romain Manni-Bucau commented on BATCHEE-21: ------------------------------------------- Yes I think the config should be a webapp one and not a batchee one. Moreover start/stop... methods of joboperator are secured by spec. So maybe this jira should rather be "propagate security to joboperator from the gui". wdyt? > Think about security configuration > ---------------------------------- > > Key: BATCHEE-21 > URL: https://issues.apache.org/jira/browse/BATCHEE-21 > Project: BatchEE > Issue Type: Bug > Reporter: Mark Struberg > > When we use our batchee-servlet jar in a Batch WAR, then everyone can simply start batches. We either want to add some simple IP restriction configuration to our own code, or we shall at least document that one needs to properly secure his batch webapps. -- This message was sent by Atlassian JIRA (v6.2#6252)