[jboss-jira] [JBoss JIRA] (WFLY-1895) Provide a "default" role for users with no other role specified
Darran Lofthouse (JIRA)
jira-events at lists.jboss.org
Tue Sep 10 11:54:03 EDT 2013
[ https://issues.jboss.org/browse/WFLY-1895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12803185#comment-12803185 ]
Darran Lofthouse commented on WFLY-1895:
----------------------------------------
WFLY-1895 and WFLY-2037 are very closely related; overall I think the following changes should be made:
1 - If a user has no roles assigned the HTTP server should be returning an HTTP 403 response to indicate permission has been denied. We need to take into account that future access control providers may not be role based when implementing this.
2 - Enhance the role mapping configuration with a default role to be assigned to all authenticated callers if no other roles are assigned. That potentially even eliminates the need for the 'simple' access control provider.
> Provide a "default" role for users with no other role specified
> ---------------------------------------------------------------
>
> Key: WFLY-1895
> URL: https://issues.jboss.org/browse/WFLY-1895
> Project: WildFly
> Issue Type: Sub-task
> Components: Domain Management, Security
> Reporter: Jakub Cechacek
> Assignee: Brian Stansberry
> Labels: rbac-filed-by-qa
> Fix For: 8.0.0.CR1
>
>
> Currently it seems that when using the RBAC provider, users with no defined role are unable to read the domain model at all. Consequently, logging into the Admin Console leads to a 500 error page. Similar errors occur in the CLI.
> In relation to this, it should be considered what the expected behavior of an unsecured management interface is.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira