[jboss-jira] [JBoss JIRA] (WFLY-8316) Mapping roles in legacy security domain is ignored when this domain is used as Elytron realm
Stefan Guilhen (JIRA)
issues at jboss.org
Tue Jul 4 15:47:00 EDT 2017
[ https://issues.jboss.org/browse/WFLY-8316?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Stefan Guilhen reassigned WFLY-8316:
------------------------------------
Assignee: Stefan Guilhen (was: Darran Lofthouse)
> Mapping roles in legacy security domain is ignored when this domain is used as Elytron realm
> --------------------------------------------------------------------------------------------
>
> Key: WFLY-8316
> URL: https://issues.jboss.org/browse/WFLY-8316
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Ondrej Lukas
> Assignee: Stefan Guilhen
> Priority: Critical
> Attachments: print-roles.war
>
>
> When a legacy security domain is used as an Elytron realm, roles assigned in mapping are unavailable in the Elytron security realm.
> E.g., when the UsersRoles login module, which assigns role JBossAdmin to user admin, is used and role User is then assigned to user admin in the SimpleRoles mapping module through:
> {code}
> <mapping>
>     <mapping-module code="SimpleRoles" type="role">
>         <module-option name="admin" value="User"/>
>     </mapping-module>
> </mapping>
> {code}
> then only role JBossAdmin is available for Elytron. The following appears in the server log:
> {code}
> Authorizing against the following attributes: [Roles, CallerPrincipal] => [JBossAdmin, admin]
> {code}
> When this legacy security domain is used directly as a PicketBox security domain, both roles, JBossAdmin and User, are assigned to user admin.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)