[jboss-jira] [JBoss JIRA] (WFCORE-639) ManagementPermissionAuthorizer is limited to the standard roles for its authorizeJmxOperation impl
ehsavoie Hugonnet (JIRA)
issues at jboss.org
Wed Apr 15 09:44:18 EDT 2015
[ https://issues.jboss.org/browse/WFCORE-639?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
ehsavoie Hugonnet reassigned WFCORE-639:
----------------------------------------
Assignee: ehsavoie Hugonnet
> ManagementPermissionAuthorizer is limited to the standard roles for its authorizeJmxOperation impl
> --------------------------------------------------------------------------------------------------
>
> Key: WFCORE-639
> URL: https://issues.jboss.org/browse/WFCORE-639
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management
> Reporter: Brian Stansberry
> Assignee: ehsavoie Hugonnet
>
> ManagementPermissionAuthorizer.authorizeJmxOperation uses hard coded decision making based on the standard 7 roles. This is inflexible and specifically doesn't allow scoped roles to function properly.
> I believe the JmxPermissionFactory interface needs to be redone to use permissions instead of role names. It should have an API more like org.jboss.as.controller.access.permission.PermissionFactory, with getUserPermissions and getRequiredPermissions. Something like
> PermissionCollection getUserPermissions(Caller caller, Environment callEnvironment, JmxAction action)
> PermissionCollection getRequiredPermissions(JmxAction action);
> Then ManagementPermissionAuthorizer.authorizeJmxOperation does a permission match check similar to what it does for management resource permissions.
--
This message was sent by Atlassian JIRA
(v6.3.11#6341)
More information about the jboss-jira
mailing list