[wildfly-dev] WFCORE-276 - :whoami(verbose=true) Fails for user with no roles.

Darran Lofthouse darran.lofthouse at jboss.com
Mon Nov 24 13:37:17 EST 2014

Hello Alexey / Brian,

Just trying to get to the bottom of a failure where 
:whoami(verbose=true) is being performed by a user in the CLI with no 
roles and the following error is received and looking for some ideas.

"WFLYCTL0313: Unauthorized to execute operation 
'read-operation-description' for resource '[]' -- "WFLYCTL0332: 
Permission denied""

The call to the :whoami operation would be fine except as there is a 
parameter the CLI is attempting to validate the parameters by making a 
call to read-operation-description and it is that call that is failing.

Personally I think this operation working is important as it enables 
some debugging of role assignment, i.e. if a user has not been granted 
the expected roles this call helps provide some information about that.

So unless we are going to say the user should not be calling whoami we 
broadly have two options: -

1 - Make a special case in the CLI and skip the 
read-operation-description call.

2 - Access control changes to make it possible to call 
read-operation-description for the whoami operation.

Darran Lofthouse.

More information about the wildfly-dev mailing list