[jboss-jira] [JBoss JIRA] (WFCORE-639) ManagementPermissionAuthorizer is limited to the standard roles for its authorizeJmxOperation impl
Brian Stansberry (JIRA)
issues at jboss.org
Fri Apr 10 12:30:19 EDT 2015
Brian Stansberry created WFCORE-639:
---------------------------------------
Summary: ManagementPermissionAuthorizer is limited to the standard roles for its authorizeJmxOperation impl
Key: WFCORE-639
URL: https://issues.jboss.org/browse/WFCORE-639
Project: WildFly Core
Issue Type: Bug
Components: Domain Management
Reporter: Brian Stansberry
ManagementPermissionAuthorizer.authorizeJmxOperation uses hard coded decision making based on the standard 7 roles. This is inflexible and specifically doesn't allow scoped roles to function properly.
I believe the JmxPermissionFactory interface needs to be redone to use permissions instead of role names. It should have an API more like org.jboss.as.controller.access.permission.PermissionFactory, with getUserPermissions and getRequiredPermissions. Something like
PermissionCollection getUserPermissions(Caller caller, Environment callEnvironment, JmxAction action)
PermissionCollection getRequiredPermissions(JmxAction action);
Then ManagementPermissionAuthorizer.authorizeJmxOperation does a permission match check similar to what it does for management resource permissions.
--
This message was sent by Atlassian JIRA
(v6.3.11#6341)
More information about the jboss-jira
mailing list