[jboss-jira] [JBoss JIRA] (WFLY-2412) security realms and ldap connections incorrectly hidden by default in domain mode.

Darran Lofthouse (JIRA) jira-events at lists.jboss.org
Wed Oct 30 11:05:02 EDT 2013


Darran Lofthouse created WFLY-2412:
--------------------------------------

             Summary: security realms and ldap connections incorrectly hidden by default in domain mode.
                 Key: WFLY-2412
                 URL: https://issues.jboss.org/browse/WFLY-2412
             Project: WildFly
          Issue Type: Bug
      Security Level: Public (Everyone can see)
          Components: Domain Management, Security
            Reporter: Darran Lofthouse
            Assignee: Darran Lofthouse
             Fix For: 8.0.0.CR1


Running WildFly master in domain mode and connecting using the CLI.

{code}
[domain at localhost:9990 /] :whoami(verbose=true)
{
    "outcome" => "success",
    "result" => {
        "identity" => {
            "username" => "$local",
            "realm" => "ManagementRealm"
        },
        "mapped-roles" => ["SuperUser"]
    }
}
{code}

Although this shows the user has been authenticated against the ManagementRealm, it apparently does not exist!

{code}
[domain at localhost:9990 /] ./core-service=management/security-realm=ManagementRealm:read-resource
{
    "outcome" => "failed",
    "failure-description" => "JBAS014807: Management resource '[
    (\"core-service\" => \"management\"),
    (\"security-realm\" => \"ManagementRealm\")
]' not found",
    "rolled-back" => true
}
{code}

First impression is that access control is hiding a sensitive resource even though with the default config it should not.
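As an added check, not part of this report or of WildFly itself: a small Python script that parses the two CLI responses quoted above (embedded here as constructed sample input copied from the report) and flags the inconsistency of a SuperUser whose own authentication realm cannot be read. The `dmr_to_json` helper and the verdict fields are assumptions covering only the DMR text subset shown on this page.

```python
import json

# Constructed sample input: the two CLI responses quoted in the report above.
# Raw strings keep the escaped quotes inside the failure description intact.
WHOAMI_OUTPUT = r'''{
    "outcome" => "success",
    "result" => {
        "identity" => {
            "username" => "$local",
            "realm" => "ManagementRealm"
        },
        "mapped-roles" => ["SuperUser"]
    }
}'''

READ_RESOURCE_OUTPUT = r'''{
    "outcome" => "failed",
    "failure-description" => "JBAS014807: Management resource '[
    (\"core-service\" => \"management\"),
    (\"security-realm\" => \"ManagementRealm\")
]' not found",
    "rolled-back" => true
}'''


def dmr_to_json(text: str):
    """Convert the CLI's DMR text form into Python objects (assumed helper).

    Handles only the subset seen in this report: ' => ' separators, strings,
    lists, booleans and nested objects. '=>' inside quoted message strings is
    rewritten as well, which only alters free text such as failure descriptions.
    strict=False lets json accept the literal newlines inside that message.
    """
    return json.loads(text.replace(" => ", ": "), strict=False)


def realm_visibility_verdict(whoami_text: str, read_resource_text: str) -> dict:
    """Compare the realm :whoami reports with the read-resource outcome.

    A caller mapped to SuperUser should be able to read every management
    resource, so a failed read of its own realm is the symptom described here.
    """
    whoami = dmr_to_json(whoami_text)
    roles = whoami["result"].get("mapped-roles", [])
    read = dmr_to_json(read_resource_text)
    readable = read["outcome"] == "success"
    return {
        "realm": whoami["result"]["identity"]["realm"],
        "roles": roles,
        "readable": readable,
        "suspect_hiding": ("SuperUser" in roles) and not readable,
        "failure": read.get("failure-description"),
    }
```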
