[jboss-jira] [JBoss JIRA] (WFLY-4976) Access control exceptions missing for non-existing resources

Harald Pehl (JIRA) issues at jboss.org
Tue Jul 21 07:52:03 EDT 2015 

     [ https://issues.jboss.org/browse/WFLY-4976?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Harald Pehl updated WFLY-4976:
------------------------------
    Description: 
When asking for the access control metadata using (r-r-d) on *existing* resources I get an exceptions block: 

{code}
/server-group=*:read-resource-description(access-control=trim-descriptions,operations=true){roles=[main-maintainer,other-monitor]}
{code}

However when using the same operation on *non-existing* roles I don't see an exception block:

{code}
/server-group=*/deployment=*:read-resource-description(access-control=trim-descriptions,operations=true){roles=[main-maintainer,other-monitor]}
{code}

What we would need is a way to *always* get the exceptions no matter whether the resource exists. In the console we create a so-called security context which uses wildcard r-r-d operations like the ones above. This security context is used later on to show / hide UI controls.

  was:
The following setup: user with two scoped roles assigned. maintainer for "main-servers", monitor for "other-servers". Requesting the access control meta data for the server group wildcard ]does not include "exceptions". 

Expected result: the access control meta data response contains an "exception" for each server group (main-server-group & other-server-group)

{code}

[domain at localhost:9999 /] ./server-group=*:read-resource-description(access-control=trim-descriptions, operations=true){roles=main-servers, other-servers}
{
    "outcome" => "success",
    "result" => [{
        "address" => [("server-group" => "*")],
        "outcome" => "success",
        "result" => {
            "description" => undefined,
            "attributes" => undefined,
            "operations" => undefined,
            "children" => {
                "deployment" => {"model-description" => undefined},
                "system-property" => {"model-description" => undefined},
                "jvm" => {"model-description" => undefined},
                "deployment-overlay" => {"model-description" => undefined}
            },
            "access-control" => {
                "default" => {
                    "read" => true,
                    "write" => true,
                    "attributes" => {
                        "socket-binding-port-offset" => {
                            "read" => true,
                            "write" => true
                        },
                        "management-subsystem-endpoint" => {
                            "read" => true,
                            "write" => false
                        },
                        "socket-binding-group" => {
                            "read" => true,
                            "write" => true
                        },
                        "profile" => {
                            "read" => true,
                            "write" => true
                        }
                    },
                    "operations" => {
                        "read-children-names" => {"execute" => true},
                        "read-operation-description" => {"execute" => true},
                        "remove" => {"execute" => true},
                        "read-resource-description" => {"execute" => true},
                        "stop-servers" => {"execute" => true},
                        "read-resource" => {"execute" => true},
                        "add" => {"execute" => true},
                        "read-attribute" => {"execute" => true},
                        "whoami" => {"execute" => true},
                        "read-children-types" => {"execute" => true},
                        "read-operation-names" => {"execute" => true},
                        "undefine-attribute" => {"execute" => true},
                        "start-servers" => {"execute" => true},
                        "read-children-resources" => {"execute" => true},
                        "restart-servers" => {"execute" => true},
                        "replace-deployment" => {"execute" => true},
                        "write-attribute" => {"execute" => true}
                    }
                },
                "exceptions" => {}
            }
        }
    }]
}

{code}




> Access control exceptions missing for non-existing resources
> ------------------------------------------------------------
>
>                 Key: WFLY-4976
>                 URL: https://issues.jboss.org/browse/WFLY-4976
>             Project: WildFly
>          Issue Type: Bug
>          Components: Domain Management
>            Reporter: Harald Pehl
>            Assignee: Brian Stansberry
>
> When asking for the access control metadata using (r-r-d) on *existing* resources I get an exceptions block: 
> {code}
> /server-group=*:read-resource-description(access-control=trim-descriptions,operations=true){roles=[main-maintainer,other-monitor]}
> {code}
> However when using the same operation on *non-existing* roles I don't see an exception block:
> {code}
> /server-group=*/deployment=*:read-resource-description(access-control=trim-descriptions,operations=true){roles=[main-maintainer,other-monitor]}
> {code}
> What we would need is a way to *always* get the exceptions no matter whether the resource exists. In the console we create a so-called security context which uses wildcard r-r-d operations like the ones above. This security context is used later on to show / hide UI controls.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

More information about the jboss-jira mailing list