]
Brian Stansberry reassigned WFLY-2318:
--------------------------------------
Assignee: Harald Pehl (was: Brian Stansberry)
Harald, I'm assigning this to you to confirm it's fixed or to provide more info.
With WFLY-2583 resolved I believe this should be working correctly.
Access control exceptions missing for scoped roles
--------------------------------------------------
Key: WFLY-2318
URL:
https://issues.jboss.org/browse/WFLY-2318
Project: WildFly
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Domain Management
Reporter: Heiko Braun
Assignee: Harald Pehl
The following setup: user with two scoped roles assigned. maintainer for
"main-servers", monitor for "other-servers". Requesting the access
control meta data for the server group wildcard ]does not include "exceptions".
Expected result: the access control meta data response contains an "exception"
for each server group (main-server-group & other-server-group)
{code}
[domain@localhost:9999 /]
./server-group=*:read-resource-description(access-control=trim-descriptions,
operations=true){roles=main-servers, other-servers}
{
"outcome" => "success",
"result" => [{
"address" => [("server-group" => "*")],
"outcome" => "success",
"result" => {
"description" => undefined,
"attributes" => undefined,
"operations" => undefined,
"children" => {
"deployment" => {"model-description" =>
undefined},
"system-property" => {"model-description" =>
undefined},
"jvm" => {"model-description" => undefined},
"deployment-overlay" => {"model-description" =>
undefined}
},
"access-control" => {
"default" => {
"read" => true,
"write" => true,
"attributes" => {
"socket-binding-port-offset" => {
"read" => true,
"write" => true
},
"management-subsystem-endpoint" => {
"read" => true,
"write" => false
},
"socket-binding-group" => {
"read" => true,
"write" => true
},
"profile" => {
"read" => true,
"write" => true
}
},
"operations" => {
"read-children-names" => {"execute" =>
true},
"read-operation-description" => {"execute"
=> true},
"remove" => {"execute" => true},
"read-resource-description" => {"execute"
=> true},
"stop-servers" => {"execute" => true},
"read-resource" => {"execute" =>
true},
"add" => {"execute" => true},
"read-attribute" => {"execute" =>
true},
"whoami" => {"execute" => true},
"read-children-types" => {"execute" =>
true},
"read-operation-names" => {"execute" =>
true},
"undefine-attribute" => {"execute" =>
true},
"start-servers" => {"execute" =>
true},
"read-children-resources" => {"execute"
=> true},
"restart-servers" => {"execute" =>
true},
"replace-deployment" => {"execute" =>
true},
"write-attribute" => {"execute" =>
true}
}
},
"exceptions" => {}
}
}
}]
}
{code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: