[jboss-jira] [JBoss JIRA] (WFLY-1895) Provide a "default" role for management users with no other role specified

Brian Stansberry (JIRA) issues at jboss.org
Tue Jan 28 14:19:29 EST 2014


    [ https://issues.jboss.org/browse/WFLY-1895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12939389#comment-12939389 ] 

Brian Stansberry commented on WFLY-1895:
----------------------------------------

With no security realm configured on the interface and the 'simple' provider chosen, behavior is as expected: anyone can connect and administer.

With no security realm configured on the interface and the 'rbac' provider chosen, console behavior is pretty good. The user gets an unauthorized dialogue with no prompt to authenticate. A minor flaw is that the dialogue is dismissed with a button that says "Logout", which is incorrect, since in this case the user didn't log in.

With no security realm configured on the interface and the 'rbac' provider chosen, CLI behavior is not very intuitive. You can connect and you get the [standalone@localhost:9990 /] prompt. But if you attempt to do anything that requires server-side work you get various errors indicating you aren't authorized.
                
> Provide a "default" role for management users with no other role specified
> --------------------------------------------------------------------------
>
>                 Key: WFLY-1895
>                 URL: https://issues.jboss.org/browse/WFLY-1895
>             Project: WildFly
>          Issue Type: Enhancement
>      Security Level: Public(Everyone can see) 
>          Components: Domain Management, Security
>            Reporter: Jakub Cechacek
>            Assignee: Brian Stansberry
>              Labels: rbac-filed-by-qa
>             Fix For: 8.0.0.Final
>
>
> Currently it seems that when using RBAC provider users with no defined role are unable to read domain model at all.  Consequently logging into Admin Console leads to 500 error page. Similar errors in CLI. 
> In relation to this, it should be considered what is the expected behavior of unsecured management interface. 
