[jboss-jira] [JBoss JIRA] (WFCORE-5084) Why does the elytron layer bring in access control?
Brian Stansberry (Jira)
issues at jboss.org
Wed Aug 5 17:41:00 EDT 2020
[ https://issues.redhat.com/browse/WFCORE-5084?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14357489#comment-14357489 ]
Brian Stansberry commented on WFCORE-5084:
------------------------------------------
[~dlofthouse] What did you add it to? There are other ways to get the access-control feature-group besides the elytron layer, so why it wasn't already there depends on what you were adding elytron to.
That said it's not clear to me why the elytron layer adds it itself since as you say it's an aspect of authenticated management in general. The 'management' feature-group, which is used by layers that provide management, itself brings in access-control.
> Why does the elytron layer bring in access control?
> ---------------------------------------------------
>
> Key: WFCORE-5084
> URL: https://issues.redhat.com/browse/WFCORE-5084
> Project: WildFly Core
> Issue Type: Task
> Components: Build System, Management, Security
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Major
> Fix For: 13.0.0.Beta4
>
>
> The following shows the set of changes created by adding the elytron layer to a provisioned server:
> https://gist.github.com/darranl/68f4a3d60560dae9a9225ec1a0e35a9f/revisions
> This includes the following:
> {code:xml}
> <management>
> <access-control provider="simple">
> <role-mapping>
> <role name="SuperUser">
> <include>
> <user name="$local"/>
> </include>
> </role>
> </role-mapping>
> </access-control>
> </management>
> {code}
> Shouldn't this section be added if any form of authenticated management is added instead?
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the jboss-jira
mailing list