[jboss-jira] [JBoss JIRA] (WFLY-8973) RBAC, Security subsystem contains attributes with capabilities which don't set access-constraint.
Stefan Guilhen (JIRA)
issues at jboss.org
Tue Jun 20 21:51:00 EDT 2017
[ https://issues.jboss.org/browse/WFLY-8973?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Stefan Guilhen updated WFLY-8973:
---------------------------------
Description:
Security subsystem contains attributes with capabilities which don't set access-constraint.
All of them have Elytron compatibility capability and I expect there some access constraint too.
How to reproduce:
{code}
/subsystem=security:read-resource-description(recursive=true)
{code}
Resources elytron-realm, elytron-key-store, elytron-trust-store, elytron-key-manager and elytron-trust-manager all contain attributes that reference a JAAS security domain and that are missing the SECURITY_DOMAIN_REF constraint.
> RBAC, Security subsystem contains attributes with capabilities which don't set access-constraint.
> -------------------------------------------------------------------------------------------------
>
> Key: WFLY-8973
> URL: https://issues.jboss.org/browse/WFLY-8973
> Project: WildFly
> Issue Type: Bug
> Components: Domain Management, Security
> Affects Versions: 11.0.0.Alpha1
> Reporter: Stefan Guilhen
> Assignee: Stefan Guilhen
>
> Security subsystem contains attributes with capabilities which don't set access-constraint.
> All of them have Elytron compatibility capability and I expect there some access constraint too.
> How to reproduce:
> {code}
> /subsystem=security:read-resource-description(recursive=true)
> {code}
> Resources elytron-realm, elytron-key-store, elytron-trust-store, elytron-key-manager and elytron-trust-manager all contain attributes that reference a JAAS security domain and that are missing the SECURITY_DOMAIN_REF constraint.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list