[jboss-jira] [JBoss JIRA] (WFCORE-639) ManagementPermissionAuthorizer is limited to the standard roles for its authorizeJmxOperation impl

Wed Jun 10 15:50:03 EDT 2015

    [ https://issues.jboss.org/browse/WFCORE-639?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13077076#comment-13077076 ] 

RH Bugzilla Integration commented on WFCORE-639:
------------------------------------------------

Brad Maxwell <bmaxwell at redhat.com> changed the Status of [bug 1230394|https://bugzilla.redhat.com/show_bug.cgi?id=1230394] from NEW to POST

> ManagementPermissionAuthorizer is limited to the standard roles for its authorizeJmxOperation impl
> --------------------------------------------------------------------------------------------------
>
>                 Key: WFCORE-639
>                 URL: https://issues.jboss.org/browse/WFCORE-639
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Domain Management
>            Reporter: Brian Stansberry
>            Assignee: ehsavoie Hugonnet
>             Fix For: 2.0.0.Alpha3
>
>
> ManagementPermissionAuthorizer.authorizeJmxOperation uses hard coded decision making based on the standard 7 roles. This is inflexible and specifically doesn't allow scoped roles to function properly.
> I believe the JmxPermissionFactory interface needs to be redone to use permissions instead of role names. It should have an API more like org.jboss.as.controller.access.permission.PermissionFactory, with getUserPermissions and getRequiredPermissions. Something like 
> PermissionCollection getUserPermissions(Caller caller, Environment callEnvironment, JmxAction action)
> PermissionCollection getRequiredPermissions(JmxAction action);
> Then ManagementPermissionAuthorizer.authorizeJmxOperation does a permission match check similar to what it does for management resource permissions.


--
This message was sent by Atlassian JIRA
(v6.3.15#6346)