[jboss-jira] [JBoss JIRA] (WFLY-8973) RBAC, Security subsystem contains attributes with capabilities which don't set access-constraint.

Stefan Guilhen (JIRA) issues at jboss.org
Thu Jun 22 13:49:00 EDT 2017


     [ https://issues.jboss.org/browse/WFLY-8973?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Stefan Guilhen updated WFLY-8973:
---------------------------------
    Description: 
Security subsystem contains attributes with capabilities which don't set access-constraint.

How to reproduce:
{code}
/subsystem=security:read-resource-description(recursive=true)
{code}
Resources elytron-realm, elytron-key-store, elytron-trust-store, elytron-key-manager and elytron-trust-manager all contain attributes that reference a JAAS security domain and that are missing the SECURITY_DOMAIN_REF constraint.

Furthermore, these resources expose Elytron capabilities and they should also define access constraints. In the Elytron subsystem all resources exposing capabilities use constraints named "elytron-security" and the legacy subsystem resources should follow the same convention for consistency.

  was:
Security subsystem contains attributes with capabilities which don't set access-constraint.

How to reproduce:
{code}
/subsystem=security:read-resource-description(recursive=true)
{code}
Resources elytron-realm, elytron-key-store, elytron-trust-store, elytron-key-manager and elytron-trust-manager all contain attributes that reference a JAAS security domain and that are missing the SECURITY_DOMAIN_REF constraint.



> RBAC, Security subsystem contains attributes with capabilities which don't set access-constraint.
> -------------------------------------------------------------------------------------------------
>
>                 Key: WFLY-8973
>                 URL: https://issues.jboss.org/browse/WFLY-8973
>             Project: WildFly
>          Issue Type: Bug
>          Components: Domain Management, Security
>    Affects Versions: 11.0.0.Alpha1
>            Reporter: Stefan Guilhen
>            Assignee: Stefan Guilhen
>            Priority: Critical
>
> Security subsystem contains attributes with capabilities which don't set access-constraint.
> How to reproduce:
> {code}
> /subsystem=security:read-resource-description(recursive=true)
> {code}
> Resources elytron-realm, elytron-key-store, elytron-trust-store, elytron-key-manager and elytron-trust-manager all contain attributes that reference a JAAS security domain and that are missing the SECURITY_DOMAIN_REF constraint.
> Furthermore, these resources expose Elytron capabilities and they should also define access constraints. In the Elytron subsystem all resources exposing capabilities use constraints named "elytron-security" and the legacy subsystem resources should follow the same convention for consistency.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
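
An added example, not part of the original message or the WildFly code base: a Python audit that walks the JSON form of the `read-resource-description` output from the reproduction step and lists resources that expose capabilities, and attributes that carry a capability reference, without declaring access constraints. The field names (`capabilities`, `capability-reference`, `access-constraints`, `children`, `model-description`) are assumed to match the management model's JSON output; the sample document and its `example.*` capability names are constructed.

```python
import json

# Constructed sample, trimmed to the fields the audit reads. Field names are
# assumed to follow the JSON form of read-resource-description output.
SAMPLE = json.loads("""
{
  "capabilities": null,
  "attributes": {},
  "children": {
    "elytron-key-store": {"model-description": {"*": {
      "capabilities": [{"name": "example.key-store", "dynamic": true}],
      "attributes": {
        "legacy-jsse-config": {"type": "STRING",
                               "capability-reference": "example.security-domain"}
      },
      "children": {}
    }}},
    "security-domain": {"model-description": {"*": {
      "access-constraints": {"sensitive": {"security-domain": {"type": "core"}}},
      "capabilities": [{"name": "example.security-domain", "dynamic": true}],
      "attributes": {"cache-type": {"type": "STRING"}},
      "children": {}
    }}}
  }
}
""")


def audit(desc, path="/subsystem=security"):
    """Return (address, attribute) pairs lacking access-constraints.

    attribute is None when the resource itself exposes capabilities but
    declares no resource-level constraint.
    """
    findings = []
    if desc.get("capabilities") and not desc.get("access-constraints"):
        findings.append((path, None))
    for name, attr in sorted((desc.get("attributes") or {}).items()):
        if attr.get("capability-reference") and not attr.get("access-constraints"):
            findings.append((path, name))
    for ctype, child in sorted((desc.get("children") or {}).items()):
        for key, model in sorted((child.get("model-description") or {}).items()):
            findings.extend(audit(model or {}, f"{path}/{ctype}={key}"))
    return findings


if __name__ == "__main__":
    for address, attribute in audit(SAMPLE):
        print(address, attribute or "(resource)")
```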

