Brian Stansberry created WFLY-2572:
--------------------------------------
Summary: OperationContext.readResourceFromRoot throws UnauthorizedException
even when the user doesn't have 'address' perms
Key: WFLY-2572
URL:
https://issues.jboss.org/browse/WFLY-2572
Project: WildFly
Issue Type: Sub-task
Security Level: Public (Everyone can see)
Components: Domain Management
Affects Versions: 8.0.0.Beta1
Reporter: Brian Stansberry
Assignee: Brian Stansberry
Fix For: 8.0.0.CR1
UnauthorizedException is used when the caller doesn't have read or write perms. When
'address' perms are missing, NoSuchResourceException should be thrown, same as if
the resource didn't exist. OperationContext.readResourceFromRoot is not doing this.
I haven't found any situations in the existing code where this is resulting in leakage
of the existence of addresses, but a possible fix for WFLY-2444 shows it happening once
the fix is in place.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:
http://www.atlassian.com/software/jira