[wildfly-dev] WFCORE-276 - :whoami(verbose=true) Fails for user with no roles.
Darran Lofthouse
darran.lofthouse at jboss.com
Mon Nov 24 13:37:17 EST 2014
Hello Alexey / Brian,
Just trying to get to the bottom of a failure where
:whoami(verbose=true) is being performed by a user in the CLI with no
roles and the following error is received and looking for some ideas.
"WFLYCTL0313: Unauthorized to execute operation
'read-operation-description' for resource '[]' -- "WFLYCTL0332:
Permission denied""
The call to the :whoami operation would be fine except as there is a
parameter the CLI is attempting to validate the parameters by making a
call to read-operation-description and it is that call that is failing.
Personally I think this operation working is important as it enables
some debugging of role assignment, i.e. if a user has not been granted
the expected roles this call helps provide some information about that.
So unless we are going to say the user should not be calling whoami we
broadly have two options: -
1 - Make a special case in the CLI and skip the
read-operation-description call.
2 - Access control changes to make it possible to call
read-operation-description for the whoami operation.
Regards,
Darran Lofthouse.
More information about the wildfly-dev
mailing list