[jboss-jira] [JBoss JIRA] (WFLY-8316) Mapping roles in legacy security domain is ignored when this domain is used as Elytron realm

Ondrej Lukas (JIRA) issues at jboss.org
Wed Mar 8 03:54:05 EST 2017


Ondrej Lukas created WFLY-8316:
----------------------------------

             Summary: Mapping roles in legacy security domain is ignored when this domain is used as Elytron realm
                 Key: WFLY-8316
                 URL: https://issues.jboss.org/browse/WFLY-8316
             Project: WildFly
          Issue Type: Bug
          Components: Security
            Reporter: Ondrej Lukas
            Assignee: Darran Lofthouse
            Priority: Critical


When a legacy security domain is used as an Elytron realm, roles assigned in mapping are unavailable in the Elytron security realm.

E.g. when the UsersRoles login module, which assigns role JBossAdmin to user admin, is used and role User is then assigned to user admin in the SimpleRoles mapping module through:
{code}
<mapping>
    <mapping-module code="SimpleRoles" type="role">
        <module-option name="admin" value="User"/>
    </mapping-module>
</mapping>
{code} 

then only role JBossAdmin is available for Elytron. The following appears in the server log:
{code}
Authorizing against the following attributes: [Roles, CallerPrincipal] => [JBossAdmin, admin]
{code}

When this legacy security domain is used directly as a PicketBox security domain, both roles, JBossAdmin and User, are assigned to user admin.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
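
A regression check for the behaviour reported above, as an added example that is not part of the original message or of WildFly: it computes the roles the legacy domain should yield (login module roles plus SimpleRoles mappings) and reports which of them are absent from the Elytron authorization log line. The roles file content, the function names, and the reading of the log line (role values first, caller principal last) are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Mapping configuration quoted in the report.
MAPPING_XML = """<mapping>
    <mapping-module code="SimpleRoles" type="role">
        <module-option name="admin" value="User"/>
    </mapping-module>
</mapping>"""
# Constructed roles file for the UsersRoles login module (user=role[,role]).
ROLES_PROPERTIES = "admin=JBossAdmin\n"
# Log line quoted in the report.
LOG_LINE = ("Authorizing against the following attributes: "
            "[Roles, CallerPrincipal] => [JBossAdmin, admin]")
LOG_RE = re.compile(r"\[Roles, CallerPrincipal\] => \[(.*?)\]")

def _split(csv):
    return {r.strip() for r in csv.split(",") if r.strip()}

def login_module_roles(properties, user):
    """Roles the login module assigns to `user` (simple user=roles lines)."""
    roles = set()
    for line in properties.splitlines():
        name, sep, value = line.strip().partition("=")
        if sep and not name.startswith("#") and name.strip() == user:
            roles |= _split(value)
    return roles

def mapped_roles(mapping_xml, user):
    """Roles added for `user` by SimpleRoles role-mapping modules."""
    roles = set()
    for module in ET.fromstring(mapping_xml).iter("mapping-module"):
        if module.get("code") == "SimpleRoles" and module.get("type") == "role":
            for opt in module.iter("module-option"):
                if opt.get("name") == user:
                    roles |= _split(opt.get("value", ""))
    return roles

def logged_roles(line, user):
    """Roles in the log line; assumes the last value is the caller principal."""
    m = LOG_RE.search(line)
    values = [v.strip() for v in m.group(1).split(",")] if m else []
    return set(values[:-1]) if values and values[-1] == user else None

def missing_roles(properties, mapping_xml, line, user):
    """Expected roles that Elytron did not see, or None if the line does not match."""
    seen = logged_roles(line, user)
    expected = login_module_roles(properties, user) | mapped_roles(mapping_xml, user)
    return None if seen is None else expected - seen
```

With the inputs from the report, `missing_roles(ROLES_PROPERTIES, MAPPING_XML, LOG_LINE, "admin")` returns `{"User"}`, the mapped role that never reaches Elytron.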

