]
Brian Stansberry updated WFCORE-554:
------------------------------------
Git Pull Request:
Unintuitive CLI behavior with 'rbac' enabled and no
security-realm configured on mangement interface
----------------------------------------------------------------------------------------------------
Key: WFCORE-554
URL:
https://issues.jboss.org/browse/WFCORE-554
Project: WildFly Core
Issue Type: Enhancement
Components: CLI
Reporter: Brian Stansberry
Assignee: Alexey Loubyansky
Priority: Minor
Fix For: 1.0.0.Beta1
See WFCORE-272 for background; this issue is to track the CLI part of my comment of
2014/01/28.
With no security realm configured on the management interface and the 'rbac'
provider chosen, CLI behavior is not very intuitive. You can connect and you get the
[standalone@localhost:9990 /] prompt. But if you attempt to do anything that requires
server-side work you get various errors indicating you aren't authorized.
E.g.:
{code}
$ bin/jboss-cli.sh -c
[standalone@localhost:9990 /] ls
Failed to fetch the list of children: {
"outcome" => "failed",
"failure-description" => "WFLYCTL0313: Unauthorized to execute
operation 'composite' for resource '[]' -- \"WFLYCTL0332: Permission
denied\"",
"rolled-back" => true
}
{code}
In this situation the user is not going to have permissions to do much of anything at
all, so it would be good to detect that somehow and respond accordingly. (The lack of a
security realm means there is no way to map the user to a role. They can log in but they
are not in any role and thus have no permissions.)