[ https://issues.jboss.org/browse/WFLY-2270?page=com.atlassian.jira.plugin.... ]
RH Bugzilla Integration commented on WFLY-2270:
-----------------------------------------------
Ladislav Thon <lthon(a)redhat.com> made a comment on [bug 1018738|https://bugzilla.redhat.com/show_bug.cgi?id=1018738]
Verified with EAP 6.2.0.ER7.
Lack of model integrity checking regarding role mappings, standard
role names and scoped role names.
----------------------------------------------------------------------------------------------------
Key: WFLY-2270
URL: https://issues.jboss.org/browse/WFLY-2270
Project: WildFly
Issue Type: Sub-task
Security Level: Public(Everyone can see)
Reporter: Darran Lofthouse
Assignee: Darran Lofthouse
Fix For: 8.0.0.CR1
Take the following scoped role definition and assignment: -
{code}
<host-scoped-roles>
    <role name="master-Monitior" base-role="MONITOR">
        <host name="master"/>
    </role>
</host-scoped-roles>
{code}
{code}
<role name="master-Monitior" include-all="true"/>
{code}
Removal results in the following: -
{code}
[domain@localhost:9990 /] ./core-service=management/access=authorization/host-scoped-role=master-Monitior:remove
{
    "outcome" => "failed",
    "failure-description" => {"domain-failure-description" => "JBAS014749: Operation handler failed: JBAS013470: Unknown role 'MASTER-MONITIOR'"},
    "rolled-back" => true
}
{code}
Server side this is reported as: -
{code}
[Host Controller] 11:24:57,780 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 4) JBAS014612: Operation ("remove") failed - address: ([
[Host Controller]     ("core-service" => "management"),
[Host Controller]     ("access" => "authorization"),
[Host Controller]     ("host-scoped-role" => "master-Monitior")
[Host Controller] ]): java.lang.IllegalArgumentException: JBAS013470: Unknown role 'MASTER-MONITIOR'
[Host Controller] at org.jboss.as.controller.access.rbac.DefaultPermissionFactory.getUserPermissions(DefaultPermissionFactory.java:134) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
[Host Controller] at org.jboss.as.controller.access.rbac.DefaultPermissionFactory.getUserPermissions(DefaultPermissionFactory.java:107) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
[Host Controller] at org.jboss.as.controller.access.permission.ManagementPermissionAuthorizer.authorize(ManagementPermissionAuthorizer.java:99) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
[Host Controller] at org.jboss.as.controller.access.management.DelegatingConfigurableAuthorizer.authorize(DelegatingConfigurableAuthorizer.java:98) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
[Host Controller] at org.jboss.as.controller.OperationContextImpl.getBasicAuthorizationResponse(OperationContextImpl.java:1157) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
[Host Controller] at org.jboss.as.controller.OperationContextImpl.authorize(OperationContextImpl.java:1059) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
[Host Controller] at org.jboss.as.controller.OperationContextImpl.readResourceFromRoot(OperationContextImpl.java:542) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
[Host Controller] at org.jboss.as.domain.controller.operations.coordination.ServerOperationResolver.getServerOperations(ServerOperationResolver.java:232)
[Host Controller] at org.jboss.as.domain.controller.operations.coordination.ServerOperationsResolverHandler.getServerOperations(ServerOperationsResolverHandler.java:149)
[Host Controller] at org.jboss.as.domain.controller.operations.coordination.ServerOperationsResolverHandler.access$000(ServerOperationsResolverHandler.java:58)
[Host Controller] at org.jboss.as.domain.controller.operations.coordination.ServerOperationsResolverHandler$2.getServerOperations(ServerOperationsResolverHandler.java:113)
[Host Controller] at org.jboss.as.domain.controller.operations.coordination.HostControllerExecutionSupport$Factory$DomainOpExecutionSupport.getServerOps(HostControllerExecutionSupport.java:265)
[Host Controller] at org.jboss.as.domain.controller.operations.coordination.ServerOperationsResolverHandler.execute(ServerOperationsResolverHandler.java:124)
[Host Controller] at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:609) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
[Host Controller] at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:487) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
[Host Controller] at org.jboss.as.controller.AbstractOperationContext.completeStepInternal(AbstractOperationContext.java:277) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
[Host Controller] at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:272) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
[Host Controller] at org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:258) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
[Host Controller] at org.jboss.as.controller.ModelControllerImpl.execute(ModelControllerImpl.java:143) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
[Host Controller] at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.doExecute(ModelControllerClientOperationHandler.java:205) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
[Host Controller] at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.access$300(ModelControllerClientOperationHandler.java:110) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
[Host Controller] at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$2.run(ModelControllerClientOperationHandler.java:157) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
[Host Controller] at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$2.run(ModelControllerClientOperationHandler.java:153) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
[Host Controller] at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_17]
[Host Controller] at javax.security.auth.Subject.doAs(Subject.java:415) [rt.jar:1.7.0_17]
[Host Controller] at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1.execute(ModelControllerClientOperationHandler.java:153) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
[Host Controller] at org.jboss.as.protocol.mgmt.AbstractMessageHandler$2$1.doExecute(AbstractMessageHandler.java:296) [wildfly-protocol-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
[Host Controller] at org.jboss.as.protocol.mgmt.AbstractMessageHandler$AsyncTaskRunner.run(AbstractMessageHandler.java:518) [wildfly-protocol-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
[Host Controller] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_17]
[Host Controller] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_17]
[Host Controller] at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_17]
[Host Controller] at org.jboss.threads.JBossThread.run(JBossThread.java:122) [jboss-threads-2.1.1.Final.jar:2.1.1.Final]
{code}
At this point I believe that role removal is actually successful; however, a subsequent
operation is failing, as the role previously associated with the user no longer exists.
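An added example, not part of the original report and not WildFly's own code: a referential-integrity check over an access-control fragment shaped like the one quoted above, with a removal helper that refuses to delete a scoped role while a role mapping still names it. The `<access-control>` and `<role-mapping>` wrappers, the un-namespaced sample and all function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Standard RBAC role names, compared upper-cased like 'MASTER-MONITIOR' above.
STANDARD_ROLES = {"MONITOR", "OPERATOR", "MAINTAINER", "DEPLOYER",
                  "AUDITOR", "ADMINISTRATOR", "SUPERUSER"}

# Constructed sample: the wrapper elements are assumptions; the inner
# definition and mapping are the ones quoted in the report.
SAMPLE = """<access-control>
  <host-scoped-roles>
    <role name="master-Monitior" base-role="MONITOR"><host name="master"/></role>
  </host-scoped-roles>
  <role-mapping>
    <role name="master-Monitior" include-all="true"/>
  </role-mapping>
</access-control>"""

def _name(elem, attr="name"):
    return elem.get(attr, "").upper()

def scoped_defs(root):
    """Yield (container, role) for every host or server-group scoped role."""
    for tag in ("host-scoped-roles", "server-group-scoped-roles"):
        for container in root.iter(tag):
            for role in container.findall("role"):
                yield container, role

def check_model(root):
    """Return integrity problems: name clashes, bad base roles, dangling mappings."""
    problems, known = [], set()
    for _, role in scoped_defs(root):
        name = _name(role)
        if name in STANDARD_ROLES or name in known:
            problems.append(f"scoped role name '{name}' is already in use")
        if _name(role, "base-role") not in STANDARD_ROLES:
            problems.append(f"scoped role '{name}' has an unknown base role")
        known.add(name)
    for mapping in root.findall(".//role-mapping/role"):
        if _name(mapping) not in STANDARD_ROLES | known:
            problems.append(f"role mapping references unknown role '{_name(mapping)}'")
    return problems

def remove_scoped_role(root, name, enforce=True):
    """Delete a scoped role; with enforce=True, refuse while a mapping names it."""
    mapped = {_name(m) for m in root.findall(".//role-mapping/role")}
    if enforce and name.upper() in mapped:
        raise ValueError(f"role '{name}' is still referenced by a role mapping")
    for container, role in list(scoped_defs(root)):
        if _name(role) == name.upper():
            container.remove(role)
```

Calling `remove_scoped_role(root, "master-Monitior", enforce=False)` reproduces the state in the report: the definition is gone, the mapping remains, and `check_model` reports the dangling reference.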