]
RH Bugzilla Integration commented on WFLY-2891:
-----------------------------------------------
Kabir Khan <kkhan(a)redhat.com> changed the Status of [bug
Not authorised write operation does not get audit logged if
log-read-only="false"
---------------------------------------------------------------------------------
Key: WFLY-2891
URL:
https://issues.jboss.org/browse/WFLY-2891
Project: WildFly
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Domain Management
Affects Versions: 8.0.0.CR1
Reporter: Kabir Khan
Assignee: Brian Stansberry
Fix For: 8.1.0.CR1
This is because audit logging uses the controller lock to find out if the model was a
write operation. If rbac is enabled and an operation is not authorised, the error happens
before the controller lock is taken. So if audit log log-read-only="false" the
failed operation does not get logged.