[jboss-jira] [JBoss JIRA] (WFLY-430) Update the whoami operation to output additional information when called with verbose=true

Darran Lofthouse (JIRA) jira-events at lists.jboss.org
Mon Jun 17 14:17:21 EDT 2013


     [ https://issues.jboss.org/browse/WFLY-430?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse updated WFLY-430:
----------------------------------

    Priority: Critical  (was: Major)

    
> Update the whoami operation to output additional information when called with verbose=true
> ------------------------------------------------------------------------------------------
>
>                 Key: WFLY-430
>                 URL: https://issues.jboss.org/browse/WFLY-430
>             Project: WildFly
>          Issue Type: Task
>          Components: CLI, Security
>            Reporter: Darran Lofthouse
>            Assignee: Darran Lofthouse
>            Priority: Critical
>             Fix For: 8.0.0.Alpha3
>
>
> I need to review if this is feasible, but there are a number of reports coming in where end users believe their server is not secured because our local / silent mechanism is working so quietly.
> Initially this issue was to just output the authentication mechanism used; however, with the addition of access control to WildFly 8 there is additional information that will be useful:
>  - Authentication Mechanism
>  - Current role membership (May need to take into account the address i.e. what roles do I have at this address)
>  - Additional items that may be used in an authorization decision? e.g. Confidential connection, time, address of client (verify a local connection does appear local)
> Anything else that is included in the audit?
> Could some of these attributes in a response be considered sensitive?  Return everything except the sensitive ones.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

