[jboss-jira] [JBoss JIRA] (WFLY-1895) Provide a "default" role for users with no other role specified

Brian Stansberry (JIRA) jira-events at lists.jboss.org
Wed Aug 21 15:00:26 EDT 2013


    [ https://issues.jboss.org/browse/WFLY-1895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12798305#comment-12798305 ] 

Brian Stansberry commented on WFLY-1895:
----------------------------------------

No default role. If the user is unmapped, they have no rights to do anything related to managing the server.

If there is some specific way we can improve the user experience when this occurs, let's look at that.

Good question about an unsecured management interface. Without giving it a great deal of thought, I'd think that if 'rbac' is enabled, an unsecured interface is the same as a secured interface where the user doesn't map to any roles. The configuration says a certain mapping from credentials to roles must occur before perms are granted, and the absence of credentials means mapping results in no perms.

The 'simple' provider is different. It says a valid user gets full permissions, and with an unsecured interface any user is valid.
                
> Provide a "default" role for users with no other role specified
> ---------------------------------------------------------------
>
>                 Key: WFLY-1895
>                 URL: https://issues.jboss.org/browse/WFLY-1895
>             Project: WildFly
>          Issue Type: Sub-task
>          Components: Domain Management, Security
>            Reporter: Jakub Cechacek
>            Assignee: Brian Stansberry
>             Fix For: 8.0.0.CR1
>
>
> Currently it seems that when using the RBAC provider, users with no defined role are unable to read the domain model at all. Consequently, logging into the Admin Console leads to a 500 error page. Similar errors occur in the CLI.
> In relation to this, it should be considered what the expected behavior of an unsecured management interface is.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

