[JBoss JIRA] (WFCORE-2003) replacement expression in access-control

Friday, 21 July 2017

     [
https://issues.jboss.org/browse/WFCORE-2003?page=com.atlassian.jira.plugi...
]

Brian Stansberry resolved WFCORE-2003.
--------------------------------------
    Resolution: Won't Do

We won't do this. We didn't allow expressions on the RBAC attributes because that
opens up the possibility of inconsistent RBAC configuration across a managed domain.

...
 replacement expression in access-control
 ----------------------------------------

                 Key: WFCORE-2003
                 URL: https://issues.jboss.org/browse/WFCORE-2003
             Project: WildFly Core
          Issue Type: Enhancement
          Components: Domain Management
    Affects Versions: 2.1.0.Final
         Environment: EAP7.0.3
            Reporter: Hisanobu Okuda
            Assignee: Brian Stansberry

 Our customer wants to use replacement expression in `<access-control/>`:
 {code}
      ${env.VARNAME} for environemt vars
      ${VARNAME} for system properties
      ${VAULT::BLOCK::attribute::1} for vars stored inside jboss vault
 {code}
 Example:
 while adding group in for any role like (SuperUser) .
 {code}

/core-service=management/access=authorization/role-mapping=SuperUser/include="group_admin":add(name="${ldap_admin_grp}",
type=GROUP)
 {code}
 resulting :
 {code}
                 <role name="SuperUser">
                     <include>
                         <user name="$local"/>
                         <group alias="group_admin"
name="${ldap_admin_grp}"/>
                     </include>
                 </role>
 {code} 

--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006