[jboss-jira] [JBoss JIRA] (WFLY-2037) Login as user with no role assigned leads to 500 error page
Brian Stansberry (JIRA)
jira-events at lists.jboss.org
Wed Sep 11 16:18:03 EDT 2013
[ https://issues.jboss.org/browse/WFLY-2037?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12803668#comment-12803668 ]
Brian Stansberry commented on WFLY-2037:
----------------------------------------
I agree with your main points, Darran.
Any default role mapping needs to be explicitly configured. Corporate authentication stores may have thousands of valid users who should have no ability at all to access server administration. IMO the mapping should be done via an "include-all" specification on some role mapping, whichever one(s) the user chooses.
I don't mind providing such a mapping for the Monitor role in our default configs to improve the out-of-the-box experience, since it can be turned off. Although, IIRC you've proposed dropping the existing access control config from our default config files???
Re: "That potentially even eliminates the need for the 'simple' access control provider."
The "simple" provider behavior needs to remain a completely no-configuration option, as this is a requirement for backward compatibility. A user upgrading to EAP 6.2 cannot be required to add RBAC config to their existing configuration document to retain existing behavior. So this rules out dropping the current approach and replacing it with "include-all" for the SuperUser role mapping config.
> Login as user with no role assigned leads to 500 error page
> -----------------------------------------------------------
>
> Key: WFLY-2037
> URL: https://issues.jboss.org/browse/WFLY-2037
> Project: WildFly
> Issue Type: Sub-task
> Components: Domain Management
> Reporter: Jakub Cechacek
> Assignee: Brian Stansberry
> Labels: rbac-filed-by-qa
> Fix For: 8.0.0.Beta1
>
>
> Some message other than the default 500 error page should be displayed in such a case.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira