[jboss-jira] [JBoss JIRA] (WFLY-1838) Authorisation descision filtered vs. read-only
Heiko Braun (JIRA)
jira-events at lists.jboss.org
Wed Aug 7 03:03:26 EDT 2013
[ https://issues.jboss.org/browse/WFLY-1838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12795499#comment-12795499 ]
Heiko Braun commented on WFLY-1838:
-----------------------------------
{quote}
2)
a) If an attribute's access is sensitive it will not appear in either read-resource-description or read-resource.
b) If it is read-config=true it will be filtered in read-resource.
c) If it is write-config=true it could be non-filtered in read-resource, since as far as I know read-config=true is the trigger used for filtering (Brian will need to confirm that part)
{quote}
Regarding 2b: You probably mean if it's "read-config=false" it wil be filtered in read-resource?
> Authorisation descision filtered vs. read-only
> ----------------------------------------------
>
> Key: WFLY-1838
> URL: https://issues.jboss.org/browse/WFLY-1838
> Project: WildFly
> Issue Type: Clarification
> Components: Domain Management
> Reporter: Heiko Braun
> Assignee: Kabir Khan
>
> When I look at datasources for example, I can see a difference between :read-resource-description(access-control=true) and the output of :read-resource(){roles=monitor}.
> The first doesn't contain constraints for "security-domain", but the later indicates them as being filtered (access-control response header).
> First question: Is this a bug?
> Second and more general question: Will all filtered attributes be presented as "read=false" & "write=false"?
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list