[jboss-jira] [JBoss JIRA] (WFLY-430) Update the whoami operation to output additional information when called with verbose=true

[Jason Greene (JIRA)]

     [ https://issues.jboss.org/browse/WFLY-430?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jason Greene updated WFLY-430:
------------------------------

    Fix Version/s: 8.0.0.Beta1
                       (was: 8.0.0.Alpha4)

    
> Update the whoami operation to output additional information when called with verbose=true
> ------------------------------------------------------------------------------------------
>
>                 Key: WFLY-430
>                 URL: https://issues.jboss.org/browse/WFLY-430
>             Project: WildFly
>          Issue Type: Task
>          Components: CLI, Security
>            Reporter: Darran Lofthouse
>            Assignee: Darran Lofthouse
>            Priority: Critical
>             Fix For: 8.0.0.Beta1
>
>
> I need to review if this is feasible but there are a number of reports coming in where end users believe their server is not secured because our local / silent mechanism is working so quietly.
> Initially this issue was to just output the authentication mechanism used however with the addition of access control to WildFly 8 there is additional information that will be useful: -
>  - Authentication Mechanism
>  - Current role membership (May need to take into account the address i.e. what roles do I have at this address)
>  - Additional items that may be used in an authorization decision? e.g. Confidential connection, time, address of client (verify a local connection does appear local)
> Anything else that is included in the audit?
> Could some of these attributes in a response be considered sensitive?  Return everything except the sensitive ones.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira