[jboss-jira] [JBoss JIRA] (WFLY-2216) include-all role mappings don't work in domain

Darran Lofthouse (JIRA) jira-events at lists.jboss.org
Fri Oct 4 12:19:02 EDT 2013 

    [ https://issues.jboss.org/browse/WFLY-2216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12809524#comment-12809524 ] 

Darran Lofthouse commented on WFLY-2216:
----------------------------------------

The following commands are sufficient to reproduce this (ensure the provider is set to rbac before starting the server): -

{code}
[domain at localhost:9990 /] ./core-service=management/access=authorization/role-mapping=Operator:add
{
    "outcome" => "success",
    "result" => undefined,
    "server-groups" => {"main-server-group" => {"host" => {"master" => {
        "server-one" => {"response" => {"outcome" => "success"}},
        "server-two" => {"response" => {"outcome" => "success"}}
    }}}}
}
[domain at localhost:9990 /] ./core-service=management/access=authorization/role-mapping=Operator:write-attribute(name=include-all, value=true)
{
    "outcome" => "success",
    "result" => undefined,
    "server-groups" => {"main-server-group" => {"host" => {"master" => {
        "server-one" => {"response" => {"outcome" => "success"}},
        "server-two" => {"response" => {"outcome" => "success"}}
    }}}}
}
[domain at localhost:9990 /] :whoami(verbose=true)
{
    "outcome" => "success",
    "result" => {
        "identity" => {
            "username" => "$local",
            "realm" => "ManagementRealm"
        },
        "mapped-roles" => ["SUPERUSER"]
    }
}
{code}
                
> include-all role mappings don't work in domain
> ----------------------------------------------
>
>                 Key: WFLY-2216
>                 URL: https://issues.jboss.org/browse/WFLY-2216
>             Project: WildFly
>          Issue Type: Sub-task
>          Components: Domain Management, Security
>            Reporter: Ladislav Thon
>            Assignee: Darran Lofthouse
>              Labels: rbac-filed-by-qa
>             Fix For: 8.0.0.Beta1
>
>
> If I understand correctly, roles that have {{include-all=true}} in their role mappings should be added to all authenticated users. In my tests, though, this only works in standalone mode.
> In domain mode, if I set a role mapping to {{include-all}}, this setting is not reflected (at least not immediately; maybe it would work after restart, but that's wrong anyway). It doesn't matter which role is set to be {{include-all}} -- in my tests, I use both standard roles and scoped roles and it consistently doesn't work. There's probably some wrong caching going on.
> The failing test case is in my pull request https://github.com/wildfly/wildfly/pull/5166 (it's the _RBAC tests for include-all role mappings in domain_ commit). If it's more convenient, the pull request is the same as my _rbac_ branch (https://github.com/Ladicek/wildfly/commits/rbac).
> Darran, I'm not sure if you are the right assignee -- please reassign if needed. Thanks.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list