[jboss-jira] [JBoss JIRA] (WFLY-2572) OperationContext.readResourceFromRoot throws UnauthorizedException even when the user doesn't have 'address' perms
Brian Stansberry (JIRA)
jira-events at lists.jboss.org
Mon Nov 25 18:14:05 EST 2013
Brian Stansberry created WFLY-2572:
--------------------------------------
Summary: OperationContext.readResourceFromRoot throws UnauthorizedException even when the user doesn't have 'address' perms
Key: WFLY-2572
URL: https://issues.jboss.org/browse/WFLY-2572
Project: WildFly
Issue Type: Sub-task
Security Level: Public (Everyone can see)
Components: Domain Management
Affects Versions: 8.0.0.Beta1
Reporter: Brian Stansberry
Assignee: Brian Stansberry
Fix For: 8.0.0.CR1
UnauthorizedException is used when the caller doesn't have read or write perms. When 'address' perms are missing, NoSuchResourceException should be thrown, same as if the resource didn't exist. OperationContext.readResourceFromRoot is not doing this.
I haven't found any situations in the existing code where this is resulting in leakage of the existence of addresses, but a possible fix for WFLY-2444 shows it happening once the fix is in place.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list