[jboss-jira] [JBoss JIRA] (WFLY-430) Update the whoami operation to output additional information when called with verbose=true
Darran Lofthouse (JIRA)
jira-events at lists.jboss.org
Wed Jun 19 11:04:21 EDT 2013
[ https://issues.jboss.org/browse/WFLY-430?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12782991#comment-12782991 ]
Darran Lofthouse commented on WFLY-430:
---------------------------------------
After discussing with Brian, we need to consider how much to add to this operation and how much could be accessed using authorization impl specific operations, i.e. the use of roles is an implementation detail; other authorization schemes may not make use of them.
> Update the whoami operation to output additional information when called with verbose=true
> ------------------------------------------------------------------------------------------
>
> Key: WFLY-430
> URL: https://issues.jboss.org/browse/WFLY-430
> Project: WildFly
> Issue Type: Task
> Components: CLI, Security
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Critical
> Fix For: 8.0.0.Alpha3
>
>
> I need to review if this is feasible, but there are a number of reports coming in where end users believe their server is not secured because our local / silent mechanism is working so quietly.
> Initially this issue was to just output the authentication mechanism used; however, with the addition of access control to WildFly 8 there is additional information that will be useful:
> - Authentication Mechanism
> - Current role membership (May need to take into account the address i.e. what roles do I have at this address)
> - Additional items that may be used in an authorization decision? e.g. Confidential connection, time, address of client (verify a local connection does appear local)
> Anything else that is included in the audit?
> Could some of these attributes in a response be considered sensitive? Return everything except the sensitive ones.