[jboss-jira] [JBoss JIRA] (WFLY-1986) Review exceptions thrown for authorization cases in JMX
Darran Lofthouse (JIRA)
jira-events at lists.jboss.org
Tue Sep 3 05:39:03 EDT 2013
[ https://issues.jboss.org/browse/WFLY-1986?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12801057#comment-12801057 ]
Darran Lofthouse commented on WFLY-1986:
----------------------------------------
We do need to be very careful that whatever exceptions are used that they do not reveal the existence of items that the caller should not know about.
> Review exceptions thrown for authorization cases in JMX
> -------------------------------------------------------
>
> Key: WFLY-1986
> URL: https://issues.jboss.org/browse/WFLY-1986
> Project: WildFly
> Issue Type: Sub-task
> Components: Domain Management, Security
> Reporter: Jakub Cechacek
> Assignee: Kabir Khan
> Labels: rbac-filed-by-qa
> Fix For: 8.0.0.CR1
>
>
> It should be reconsidered which exception to use for RBAC authorization cases in JMX.
> For example "AttributeNotFoundException" doesn't make much sense when attribute exists but user is missing permissions for write. In this case I would use its superclass "OperationsException" instead.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list