JBoss Web to Management Console Redirects

To help users get started with AS7 we include a simple welcome context exposed on the JBoss Web connector, on clicking the link for the admin console we attempt a redirect after checking if we believe it is likely to succeed - this document describes the redirect scenarios and expected outcomes.

 

One point to note is that the JBoss Web connector and management HTTP interface are deliberatly separate - when sending a redirect we do not want the redirect to be revealing internal server details not intended to be made public.

 

 

The following addresses are available to us for the comparison: -

  • The management bind address.
    • 127.0.0.1
    • ::1
    • 0.0.0.0 or ::
    • Another non-loopback address.
  • The local address of the JBoss Web connector.
    • 127.0.0.1
    • ::1
    • Another non-loopback address.
  • The host name within the HTTP header.
    • 127.0.0.1 (Or equivalent host name)
    • ::1 (Or equivalent host name)
    • Another non-loopback address.
    • An address not on this server.

 

 

Management Bind Address
Local Address
Host from Header
Outcome
127.0.0.1127.0.0.1
Redirect using host from header.
::1::1
Redirect using host from header.
127.0.0.1::1Any loopback representationRedirect using 127.0.0.1
::1127.0.0.1Any loopback representationRedirect using ::1
0.0.0.0 or ::

Redirect using host from header.
A specific non-loopback addressA specific non-loopback address
Ensure the two addresses are the same, redirect using the host from the header.



Other scenarios reject.

 

It is important to remember that the intention of this redirect is a simple redirect to help users navigate from port 8080 which they are used to over to the management console on port 9990, once network configuration becomes more complex it is very difficult if not impossible for us detect if redirects are even possible. 

 

Once the network configuration becomes more complex it is expected that administrators will connect directly to the management console and disable the welcome context and not rely on having a welcome context running adjacent to their deployed applications.