[jboss-jira] [JBoss JIRA] (WFCORE-1533) Integrate Management Access Control permission assignment with Elytron
Darran Lofthouse (JIRA)
issues at jboss.org
Fri May 6 06:28:00 EDT 2016
Darran Lofthouse created WFCORE-1533:
----------------------------------------
Summary: Integrate Management Access Control permission assignment with Elytron
Key: WFCORE-1533
URL: https://issues.jboss.org/browse/WFCORE-1533
Project: WildFly Core
Issue Type: Feature Request
Components: Domain Management, Security
Reporter: Darran Lofthouse
Assignee: Darran Lofthouse
Fix For: 3.0.0.Alpha1
A big portion of management role based access control is taking the assigned roles and then mapping these to the permissions for that role.
Elytron provides a new PermissionMapper interface that takes a SecurityIdentity and the roles mapped for that identity and returns a PermissionVerifier which can be as simple as a wrapper around a PermissionCollection.
This will also be a good opportunity to start to move the role mapping out of the core management model to Elytron.
After that Elytron allows for custom PermissionMapper implementations to be provided and associated with the domain using capabilities and requirements so we arrive at a point where provided the permission checks performed by management are generic enough custom PermissionMapper / PermissionVerifier implementations can be added that may or may not be role based.
_Note: As with everything we are doing old and new need to be supported in parallel for a while although this may be achieved by providing default Elytron implementations that are wrappers around the old._
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list