[jboss-jira] [JBoss JIRA] (WFLY-1866) More useful access control failure messages
Brian Stansberry (JIRA)
jira-events at lists.jboss.org
Wed Sep 11 14:22:03 EDT 2013
[ https://issues.jboss.org/browse/WFLY-1866?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brian Stansberry resolved WFLY-1866.
------------------------------------
Fix Version/s: (was: 8.0.0.CR1)
Resolution: Won't Fix
We won't do this for WF 8 and perhaps never. Including details in failure messages risks leaking security sensitive information.
Thanks to John Doyle for pointing that out.
WFLY-2050 is the replacement for this. Users can use TRACE logging on the server side to analyze the cause of unexpected authorization issues.
> More useful access control failure messages
> -------------------------------------------
>
> Key: WFLY-1866
> URL: https://issues.jboss.org/browse/WFLY-1866
> Project: WildFly
> Issue Type: Sub-task
> Components: Domain Management
> Reporter: Brian Stansberry
> Assignee: Brian Stansberry
>
> The current RBAC implementation does not provide any information about the reason for an unauthorized decision, simply a "Permission denied" message.
> This should be reworked such that constraints can provide more information thus helping the user to understand the reason an action is not authorized.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list