Darran Lofthouse created WFCORE-1533: ---------------------------------------- Summary: Integrate Management Access Control permission assignment with Elytron Key: WFCORE-1533 URL: https://issues.jboss.org/browse/WFCORE-1533 Project: WildFly Core Issue Type: Feature Request Components: Domain Management, Security Reporter: Darran Lofthouse Assignee: Darran Lofthouse Fix For: 3.0.0.Alpha1 A big portion of management role based access control is taking the assigned roles and then mapping these to the permissions for that role. Elytron provides a new PermissionMapper interface that takes a SecurityIdentity and the roles mapped for that identity and returns a PermissionVerifier which can be as simple as a wrapper around a PermissionCollection. This will also be a good opportunity to start to move the role mapping out of the core management model to Elytron. After that Elytron allows for custom PermissionMapper implementations to be provided and associated with the domain using capabilities and requirements so we arrive at a point where provided the permission checks performed by management are generic enough custom PermissionMapper / PermissionVerifier implementations can be added that may or may not be role based. _Note: As with everything we are doing old and new need to be supported in parallel for a while although this may be achieved by providing default Elytron implementations that are wrappers around the old._ -- This message was sent by Atlassian JIRA (v6.4.11#64026)