[wildfly-dev] Proposal: Batch Job Visibility Restrictions

David M. Lloyd david.lloyd at redhat.com
Sat Dec 3 16:22:47 EST 2016


I think this is a smart idea.  I must ask though, why can I not start a 
batch job from another deployment?  Is it just a design limitation?

Usually we'd want to restrict access to things not by deployment (which 
is a somewhat fluid concept) but by identity and authorization permissions.

On 12/02/2016 07:09 PM, James Perkins wrote:
> Currently a deployment can view, stop, restart or abandon any batch job
> that has been submitted or has been executed that exists in the job
> repository. This includes batch jobs from other deployments if the job
> repository is shared, which is the default. I cannot however start a
> batch job from another deployment.
>
> I'm proposing we limit visibility so that a deployment can only access
> jobs which belong to that deployment.
>
> I'd like to get some opinions on this.
>
> There are some, possibly unacceptable, repercussions. For example if a
> user has a deployment that displays information about batch jobs for all
> deployments this change would break that. However it does seem wrong to
> allow any deployment using a shared repository to stop, start or abandon
> a job from a different deployment.
>
> One, probably more complicated, option would be to have an attribute on
> the job-repository to allow jobs to be visible to any deployment with
> access to the job-repository.
>
> --
> James R. Perkins
> JBoss by Red Hat
>
>
> _______________________________________________
> wildfly-dev mailing list
> wildfly-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/wildfly-dev
>

-- 
- DML


More information about the wildfly-dev mailing list