[jboss-jira] [JBoss JIRA] (WFLY-2444) Missing filtering response header from type=*:read-resource
Brian Stansberry (JIRA)
jira-events at lists.jboss.org
Tue Nov 5 17:34:01 EST 2013
Brian Stansberry created WFLY-2444:
--------------------------------------
Summary: Missing filtering response header from type=*:read-resource
Key: WFLY-2444
URL: https://issues.jboss.org/browse/WFLY-2444
Project: WildFly
Issue Type: Sub-task
Security Level: Public (Everyone can see)
Components: Domain Management
Affects Versions: 8.0.0.Beta1
Reporter: Brian Stansberry
Assignee: Brian Stansberry
Fix For: 8.0.0.CR1
No indication that data was filtered when running read-resource against a wildcard address.
[standalone at localhost:9990 /] /core-service=management/security-realm=*:read-resource{roles=Monitor}
{
"outcome" => "success",
"result" => []
}
If you make a non-addressable resource addressable, but still non-readable, you get the same result:
[standalone at localhost:9990 /] /subsystem=security/security-domain=*:read-resource{roles=Monitor}
{
"outcome" => "success",
"result" => []
}
This latter condition is more problematic, as the user has no clue that some security-domains exist but no data was provided, even though the user has the right to know about their existence.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list