[jboss-jira] [JBoss JIRA] (WFLY-1838) Authorisation descision filtered vs. read-only

Kabir Khan (JIRA) jira-events at lists.jboss.org
Wed Aug 7 04:42:26 EDT 2013 

    [ https://issues.jboss.org/browse/WFLY-1838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12795527#comment-12795527 ] 

Kabir Khan edited comment on WFLY-1838 at 8/7/13 4:40 AM:
----------------------------------------------------------

Regarding 2)
I did indeed have things the wrong way round last night, for this example access control:
{code}
                            "max-pool-size" => {
                                "read-config" => true,
                                "write-config" => false
                            },
{code}
means the user can read config and not write config, rather than the opposite which is what I said yesterday.

This table should show what gets filtered and not:
||read-config||write-config||filtered||
|true|true|yes|
|true|false|yes|
|false|true|no|
|false|false|no|


                
      was (Author: kabirkhan):
    Regarding 2)
I did indeed have things the wrong way round last night, for this example access control:
{code}
                            "max-pool-size" => {
                                "read-config" => true,
                                "write-config" => false
                            },
{code}
means the user can read config and not write config, rather than the opposite which is what I said yesterday.

This table should show what gets filtered and not} 
||read-config||write-config||filtered||
|true|true|yes|
|true|false|yes|
|false|true|no|
|false|false|no|


                  
> Authorisation descision filtered vs. read-only
> ----------------------------------------------
>
>                 Key: WFLY-1838
>                 URL: https://issues.jboss.org/browse/WFLY-1838
>             Project: WildFly
>          Issue Type: Clarification
>          Components: Domain Management
>            Reporter: Heiko Braun
>            Assignee: Kabir Khan
>
> When I look at datasources for example, I can see a difference between :read-resource-description(access-control=true) and the output of :read-resource(){roles=monitor}.
> The first doesn't contain constraints for "security-domain", but the later indicates them as being filtered (access-control response header).
> First question: Is this a bug?
> Second and more general question: Will all filtered attributes be presented as "read=false" & "write=false"?

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list