[jboss-jira] [JBoss JIRA] (WFLY-7574) Elytron "expressions-allowed" => true attributes
Darran Lofthouse (JIRA)
issues at jboss.org
Fri Dec 16 13:31:01 EST 2016
[ https://issues.jboss.org/browse/WFLY-7574?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Darran Lofthouse updated WFLY-7574:
-----------------------------------
Fix Version/s: 11.0.0.Alpha1
> Elytron "expressions-allowed" => true attributes
> ------------------------------------------------
>
> Key: WFLY-7574
> URL: https://issues.jboss.org/browse/WFLY-7574
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Jan Kalina
> Fix For: 11.0.0.Alpha1
>
>
> Please review these usage of "expressions-allowed" => true
> * class names and module names
> {code}
> /custom-role-mapper/module
> /custom-role-mapper/class-name
> /constant-permission-mapper/module
> /constant-permission-mapper/class-name
> /simple-permission-mapper/permission-mappings/module
> /simple-permission-mapper/permission-mappings/class-name
> /custom-permission-mapper/module
> /custom-permission-mapper/class-name
> /custom-name-rewriter/module
> /custom-name-rewriter/class-name
> /custom-principal-decoder/module
> /custom-principal-decoder/class-name
> /custom-realm-mapper/module
> /custom-realm-mapper/class-name
> /service-loader-http-server-mechanism-factory/module
> /service-loader-sasl-server-factory/module
> /custom-modifiable-realm/module
> /custom-modifiable-realm/class-name
> /custom-credential-security-factory/module
> /custom-credential-security-factory/class-name
> /custom-role-decoder/module
> /custom-role-decoder/class-name
> /custom-realm/module
> /custom-realm/class-name
> {code}
> Brian: "Traditionally we also don't allow expressions on attributes whose values are classnames or module names
> TBH there is no great reason for that, beyond a feeling that it will allow greater flexibility for future changes at little practical cost
> but it's what we've done and we might as well stick to it"
> * referencing another services
> {code}
> /sasl-authentication-factory/mechanism-configurations/mechanism-realm-configurations
> /http-authentication-factory/mechanism-configurations/mechanism-realm-configurations
> /ldap-key-store/dir-context
> /server-ssl-context/provider-loader
> /client-ssl-context/provider-loader
> /filtering-key-store/key-store
> /dir-context/ssl-context
> /ldap-realm/dir-context
> /trust-managers/key-store
> /trust-managers/provider-loader
> /key-managers/key-store
> /key-managers/provider-loader
> /credential-store/relative-to
> /credential-store/provider-loader
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list