[jboss-jira] [JBoss JIRA] (ELY-861) Role assignment not possible for "anonymous" identity
David Lloyd (JIRA)
issues at jboss.org
Wed Jan 4 12:19:00 EST 2017
[ https://issues.jboss.org/browse/ELY-861?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13343281#comment-13343281 ]
David Lloyd commented on ELY-861:
---------------------------------
The RoleDecoder is responsible for getting the roles from the authorization identity. The domain stores a RoleDecoder with each RealmInfo. The SecurityDomain's anonymous identity is constructed from an empty per-Domain RealmInfo and the org.wildfly.security.authz.AuthorizationIdentity#EMPTY identity. The per-Domain RealmInfo is constructed with the org.wildfly.security.authz.RoleDecoder#DEFAULT role decoder. This decoder simply reads roles off of the "Roles" attribute key, which will be empty for the anonymous identity.
One simple solution is to have configuration options for the anonymous identity's role mapper or decoder, which can simply return the set of roles that the anonymous identity should have.
> Role assignment not possible for "anonymous" identity
> -----------------------------------------------------
>
> Key: ELY-861
> URL: https://issues.jboss.org/browse/ELY-861
> Project: WildFly Elytron
> Issue Type: Bug
> Components: API / SPI
> Reporter: Darran Lofthouse
> Priority: Critical
> Fix For: 1.1.0.Beta19
>
>
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list