[jboss-jira] [JBoss JIRA] (WFLY-430) Update the whoami operation to output additional information when called with verbose=true
Darran Lofthouse (JIRA)
jira-events at lists.jboss.org
Wed Jun 12 06:02:55 EDT 2013
[ https://issues.jboss.org/browse/WFLY-430?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Darran Lofthouse updated WFLY-430:
----------------------------------
Description:
I need to review if this is feasible but there are a number of reports coming in where end users believe their server is not secured because our local / silent mechanism is working so quietly.
Initially this issue was to just output the authentication mechanism used; however, with the addition of access control to WildFly 8 there is additional information that will be useful: -
- Authentication Mechanism
- Current role membership (May need to take into account the address i.e. what roles do I have at this address)
- Additional items that may be used in an authorization decision? e.g. Confidential connection, time, address of client (verify a local connection does appear local)
Anything else that is included in the audit?
Could some of these attributes in a response be considered sensitive? Return everything except the sensitive ones.
was:
I need to review if this is feasible but there are a number of reports coming in where end users believe their server is not secured because our local / silent mechanism is working so quietly.
> Update the whoami operation to output additional information when called with verbose=true
> ------------------------------------------------------------------------------------------
>
> Key: WFLY-430
> URL: https://issues.jboss.org/browse/WFLY-430
> Project: WildFly
> Issue Type: Task
> Components: CLI, Security
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Fix For: 8.0.0.Alpha3