[infinispan-issues] [JBoss JIRA] (ISPN-7254) Administration console - accessing content without needed permissions should display error message

Vladimir Blagojevic (JIRA) issues at jboss.org
Wed Nov 30 08:25:00 EST 2016


     [ https://issues.jboss.org/browse/ISPN-7254?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Vladimir Blagojevic updated ISPN-7254:
--------------------------------------
              Status: Pull Request Sent  (was: Open)
    Git Pull Request: https://github.com/infinispan/infinispan-management-console/pull/154


> Administration console - accessing content without needed permissions should display error message
> -------------------------------------------------------------------------------------------------
>
>                 Key: ISPN-7254
>                 URL: https://issues.jboss.org/browse/ISPN-7254
>             Project: Infinispan
>          Issue Type: Bug
>          Components: JMX, reporting and management
>    Affects Versions: 9.0.0.Alpha4
>            Reporter: Roman Macor
>            Assignee: Vladimir Blagojevic
>         Attachments: standalone-auth.xml
>
>
> Create user with admin role, but without ___script_manager and ___schema_manager roles
> Start the server with security enabled.
> e.g. standalone with attached configuration (but the issue is present in domain mode as well)
> bin/standalone.sh -c standalone-auth.xml
> Click on cache container -> configuration
> Result: the console is stuck with loading icon (it's still responding)
> Server log shows:
> ERROR [org.jboss.as.controller.management-operation] (External Management Request Threads -- 9) WFLYCTL0013: Operation ("get-proto-schema-names") failed - address: ([
>     "subsystem",
>     "datagrid-infinispan",
>     "cache-container",
>     "local"
> ]) - failure description: "DGISPN0118: Failed to invoke operation: ISPN000287: Unauthorized access: subject 'Subject with principal(s): [org.jboss.as.core.security.SimplePrincipal@36ebcb, user@ManagementRealm, admin@ManagementRealm, InetAddressPrincipal <127.0.0.1/127.0.0.1>]' lacks 'BULK_READ' permission"
> Expected result: there should be an error message in the console informing the user that he doesn't have required permissions.
> *Another issue*: User has admin role, so he should be able to access configuration page; he shouldn't be able to access scripts and schemes configuration because he lacks ___script_manager and ___schema_manager



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
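
Because the console shows nothing when this denial happens, the server log is the only place it is visible. The following is an added example, not part of the original report or the Infinispan code base: a parser that pulls refused management operations out of records shaped like the one quoted above. The sample log text is constructed from that record plus one constructed non-authorization failure; the function name `find_denials` is hypothetical.

```python
import re

# Constructed sample: the first record follows the one quoted in the report,
# the second is a constructed failure that is not an authorization denial.
SAMPLE_LOG = '''\
ERROR [org.jboss.as.controller.management-operation] (External Management Request Threads -- 9) WFLYCTL0013: Operation ("get-proto-schema-names") failed - address: ([
    "subsystem",
    "datagrid-infinispan",
    "cache-container",
    "local"
]) - failure description: "DGISPN0118: Failed to invoke operation: ISPN000287: Unauthorized access: subject 'Subject with principal(s): [org.jboss.as.core.security.SimplePrincipal@36ebcb, user@ManagementRealm, admin@ManagementRealm, InetAddressPrincipal <127.0.0.1/127.0.0.1>]' lacks 'BULK_READ' permission"
ERROR [org.jboss.as.controller.management-operation] (External Management Request Threads -- 9) WFLYCTL0013: Operation ("constructed-op") failed - address: ([]) - failure description: "constructed failure unrelated to authorization"
'''

# A WFLYCTL0013 record spans several lines because the address is pretty-printed,
# so match on the whole text with DOTALL instead of line by line.
RECORD = re.compile(
    r'WFLYCTL0013: Operation \("(?P<op>[^"]+)"\) failed - address: '
    r'\(\[(?P<addr>.*?)\]\) - failure description: "(?P<desc>[^"]*)"',
    re.DOTALL)

# The Infinispan authorization failure embedded in the failure description.
DENIED = re.compile(
    r"ISPN000287: Unauthorized access: subject "
    r"'Subject with principal\(s\): \[(?P<principals>.*)\]' "
    r"lacks '(?P<perm>[A-Z_]+)' permission")


def find_denials(log_text):
    """Return one dict per management operation refused with ISPN000287."""
    denials = []
    for rec in RECORD.finditer(log_text):
        denied = DENIED.search(rec["desc"])
        if denied is None:
            continue  # operation failed for a reason other than authorization
        denials.append({
            "operation": rec["op"],
            "address": re.findall(r'"([^"]+)"', rec["addr"]),
            "principals": [p.strip() for p in denied["principals"].split(",")],
            "missing_permission": denied["perm"],
        })
    return denials


if __name__ == "__main__":
    for denial in find_denials(SAMPLE_LOG):
        print(denial)
```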