[jboss-jira] [JBoss JIRA] (WFLY-2891) Not authorised write operation does not get audit logged if log-read-only="false"

RH Bugzilla Integration (JIRA) issues at jboss.org
Thu May 1 17:59:57 EDT 2014


    [ https://issues.jboss.org/browse/WFLY-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12964981#comment-12964981 ] 

RH Bugzilla Integration commented on WFLY-2891:
-----------------------------------------------

Kabir Khan <kkhan at redhat.com> changed the Status of [bug 1092203|https://bugzilla.redhat.com/show_bug.cgi?id=1092203] from POST to MODIFIED

> Not authorised write operation does not get audit logged if log-read-only="false"
> ---------------------------------------------------------------------------------
>
>                 Key: WFLY-2891
>                 URL: https://issues.jboss.org/browse/WFLY-2891
>             Project: WildFly
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Domain Management
>    Affects Versions: 8.0.0.CR1
>            Reporter: Kabir Khan
>            Assignee: Brian Stansberry
>             Fix For: 8.1.0.CR1
>
>
> This is because audit logging uses the controller lock to find out if the model was a write operation. If rbac is enabled and an operation is not authorised, the error happens before the controller lock is taken. So if audit log log-read-only="false" the failed operation does not get logged.



--
This message was sent by Atlassian JIRA
(v6.2.3#6260)
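
A simplified model of the flaw described in the issue, as an added example that is not WildFly code and not the project's fix. All class, field and method names are hypothetical; the second mode, which classifies by the kind of operation requested instead of by the lock, is an assumption about one way to avoid the gap.

```java
import java.util.*;

// Simplified model of the audit-log gap; not WildFly code, all names hypothetical.
public class AuditLogModel {
    // Constructed set of operation names treated as writes in this model.
    static final Set<String> WRITE_OPS = Set.of("write-attribute", "add", "remove");

    static class Context {
        final String op;
        final boolean authorized;
        boolean lockTaken = false;   // set only once a write actually starts executing
        Context(String op, boolean authorized) { this.op = op; this.authorized = authorized; }
    }

    final boolean logReadOnly;       // models the log-read-only setting
    final boolean classifyByLock;    // true = behaviour described in the issue
    final List<String> records = new ArrayList<>();

    AuditLogModel(boolean logReadOnly, boolean classifyByLock) {
        this.logReadOnly = logReadOnly;
        this.classifyByLock = classifyByLock;
    }

    void execute(Context ctx) {
        try {
            // The RBAC check runs first; a rejected operation never reaches the lock.
            if (!ctx.authorized) throw new SecurityException("not authorised");
            if (WRITE_OPS.contains(ctx.op)) ctx.lockTaken = true;
        } catch (SecurityException e) {
            audit(ctx, "FAILED");
            return;
        }
        audit(ctx, "OK");
    }

    void audit(Context ctx, String outcome) {
        // Lock-based: a rejected write looks read-only because the lock was never taken.
        boolean readOnly = classifyByLock ? !ctx.lockTaken : !WRITE_OPS.contains(ctx.op);
        if (readOnly && !logReadOnly) return;   // read-only operations are not recorded
        records.add(ctx.op + " " + outcome);
    }

    public static void main(String[] args) {
        for (boolean byLock : new boolean[] {true, false}) {
            AuditLogModel log = new AuditLogModel(false, byLock);
            log.execute(new Context("write-attribute", true));    // authorised write
            log.execute(new Context("write-attribute", false));   // rejected write
            log.execute(new Context("read-attribute", true));     // authorised read
            System.out.println((byLock ? "lock-based:   " : "intent-based: ") + log.records);
        }
    }
}
```

With log-read-only set to false, the lock-based run records only the successful write, while the intent-based run also records the rejected one, which is the entry a reviewer looking for denied changes needs.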

