[jboss-jira] [JBoss JIRA] (WFLY-2584) RBAC: Silent failure of run-as role mapping
Brian Stansberry (JIRA)
jira-events at lists.jboss.org
Tue Nov 26 19:40:06 EST 2013
Brian Stansberry created WFLY-2584:
--------------------------------------
Summary: RBAC: Silent failure of run-as role mapping
Key: WFLY-2584
URL: https://issues.jboss.org/browse/WFLY-2584
Project: WildFly
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Domain Management
Affects Versions: 8.0.0.Beta1
Reporter: Brian Stansberry
Assignee: Darran Lofthouse
Fix For: 8.0.0.CR1
RunAsRoleMapper.mapRoles(Caller caller, Set<String> currentRoles, Set<String> runAsRoles, boolean sanitized) ignores false results from realRoleMapper.canRunAs(currentRoles, requestedRole) and just leaves the user running in their regular roles. Some sort of failure condition seems more appropriate.
I noticed this when I was investigating WFLY-2318 caused by WFLY-2583. The improperly parsed role list was resulting in realRoleMapper.canRunAs(currentRoles, requestedRole) so the call would just execute as SuperUser.
Same thing would happen with a simple typo like {roles=Mnitor}.
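To make the failure mode concrete, the following is an added, self-contained Java example written for this note; it is not WildFly's RunAsRoleMapper or any other project code, and the RoleMapper interface, SimpleRoleMapper, SilentRunAsRoleMapper and StrictRunAsRoleMapper types, the role names and the Set.of inputs are all constructed for illustration. The "silent" mapper reproduces the behaviour the report describes (a false result from canRunAs is ignored and the caller keeps its regular roles), while the "strict" mapper shows the fail-closed alternative in which a rejected or misspelled run-as role is an error rather than a fall-through.

```java
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

// Minimal stand-in for a role-mapping interface (constructed for this example).
interface RoleMapper {
    boolean canRunAs(Set<String> currentRoles, String requestedRole);
}

/** Example policy: a role can only be run-as if it exists, and only by SuperUser or by a caller already holding it. */
final class SimpleRoleMapper implements RoleMapper {
    private final Set<String> knownRoles;

    SimpleRoleMapper(Set<String> knownRoles) {
        this.knownRoles = knownRoles;
    }

    @Override
    public boolean canRunAs(Set<String> currentRoles, String requestedRole) {
        return knownRoles.contains(requestedRole)
            && (currentRoles.contains("SuperUser") || currentRoles.contains(requestedRole));
    }
}

/** Behaviour described in the report: a rejected run-as role is dropped and the caller keeps its regular roles. */
final class SilentRunAsRoleMapper {
    private final RoleMapper real;

    SilentRunAsRoleMapper(RoleMapper real) {
        this.real = real;
    }

    Set<String> mapRoles(Set<String> currentRoles, Set<String> runAsRoles) {
        Set<String> result = new HashSet<>();
        for (String requested : runAsRoles) {
            if (real.canRunAs(currentRoles, requested)) {
                result.add(requested);
            }
            // A false result is ignored here; nothing records that the request was refused.
        }
        // With every requested role refused, the caller silently continues in its original roles.
        return result.isEmpty() ? currentRoles : Collections.unmodifiableSet(result);
    }
}

/** Fail-closed alternative: any refused run-as role aborts the mapping with an error. */
final class StrictRunAsRoleMapper {
    private final RoleMapper real;

    StrictRunAsRoleMapper(RoleMapper real) {
        this.real = real;
    }

    Set<String> mapRoles(Set<String> currentRoles, Set<String> runAsRoles) {
        for (String requested : runAsRoles) {
            if (!real.canRunAs(currentRoles, requested)) {
                throw new SecurityException(
                    "run-as role '" + requested + "' is not permitted for caller roles " + currentRoles);
            }
        }
        // Only reached when every requested role was explicitly approved.
        return Collections.unmodifiableSet(new HashSet<>(runAsRoles));
    }
}

public class RunAsMappingDemo {
    public static void main(String[] args) {
        RoleMapper real = new SimpleRoleMapper(Set.of("SuperUser", "Monitor", "Operator"));
        Set<String> current = Set.of("SuperUser");
        // The misspelled role from the report: no such role exists, so canRunAs returns false.
        Set<String> typo = Set.of("Mnitor");

        System.out.println("silent mapper -> " + new SilentRunAsRoleMapper(real).mapRoles(current, typo));

        try {
            new StrictRunAsRoleMapper(real).mapRoles(current, typo);
        } catch (SecurityException e) {
            System.out.println("strict mapper -> " + e.getMessage());
        }
    }
}
```

Run with `javac RunAsMappingDemo.java && java RunAsMappingDemo` (Java 9 or later for Set.of). The silent variant returns the caller's original roles for the misspelled request, which is exactly the condition the report flags; the strict variant surfaces the refusal so a misconfiguration cannot leave a SuperUser call running at full privilege unnoticed.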