[jboss-jira] [JBoss JIRA] (WFCORE-554) Unintuitive CLI behavior with 'rbac' enabled and no security-realm configured on mangement interface
Brian Stansberry (JIRA)
issues at jboss.org
Thu Feb 19 07:51:49 EST 2015
Brian Stansberry created WFCORE-554:
---------------------------------------
Summary: Unintuitive CLI behavior with 'rbac' enabled and no security-realm configured on mangement interface
Key: WFCORE-554
URL: https://issues.jboss.org/browse/WFCORE-554
Project: WildFly Core
Issue Type: Enhancement
Components: CLI
Reporter: Brian Stansberry
Assignee: Alexey Loubyansky
Priority: Minor
See WFCORE-272 for background; this issue is to track the CLI part of my comment of 2014/01/28.
With no security realm configured on the management interface and the 'rbac' provider chosen, CLI behavior is not very intuitive. You can connect and you get the [standalone at localhost:9990 /] prompt. But if you attempt to do anything that requires server-side work you get various errors indicating you aren't authorized.
E.g.:
{code}
$ bin/jboss-cli.sh -c
[standalone at localhost:9990 /] ls
Failed to fetch the list of children: {
"outcome" => "failed",
"failure-description" => "WFLYCTL0313: Unauthorized to execute operation 'composite' for resource '[]' -- \"WFLYCTL0332: Permission denied\"",
"rolled-back" => true
}
{code}
In this situation the user is not going to have permissions to do much of anything at all, so it would be good to detect that somehow and respond accordingly. (The lack of a security realm means there is no way to map the user to a role. They can log in but they are not in any role and thus have no permissions.)
--
This message was sent by Atlassian JIRA
(v6.3.11#6341)
More information about the jboss-jira
mailing list