[teiid-issues] [JBoss JIRA] (TEIID-2948) Implement Access Controls on management operations in Teiid

Ramesh Reddy (JIRA) issues at jboss.org
Fri May 9 08:47:56 EDT 2014 

    [ https://issues.jboss.org/browse/TEIID-2948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12966760#comment-12966760 ] 

Ramesh Reddy commented on TEIID-2948:
-------------------------------------

How are operations handled?

That's interesting; there are only 9 cases of this in the subsystems 
that ship in WF itself. I didn't say this before, but you don't need to 
configure constraints on ops if they are the same as the constraints on 
the target resource.

There's an API for definining an operation that's analogous to 
ResourceDefinition and AttributeDefinition. It's 
org.jboss.as.controller.OperationDefinition. You provide 
AccessConstraintDefinition... to its constructor. You use it from 
ResourceDefinition.registerOperations by calling 
ManagementResourceRegistration.registerOperationHandler(OperationDefinition 
definition, OperationStepHandler handler, [boolean inherited])

An OperationDefinition is usually created using a builder class, 
SimpleOperationDefinitionBuilder that has an addAccessConstraint method, 
just like SimpleAttributeDefinitionBuilder does for attributes.

One of the commits I linked before has a use of this at

https://github.com/wildfly/wildfly/commit/b12fea9#diff-7

You can also see a fair number of examples in the modcluster module in 
that commit.

> Implement Access Controls on management operations in Teiid
> -----------------------------------------------------------
>
>                 Key: TEIID-2948
>                 URL: https://issues.jboss.org/browse/TEIID-2948
>             Project: Teiid
>          Issue Type: Feature Request
>          Components: Server
>            Reporter: Ramesh Reddy
>            Assignee: Ramesh Reddy
>             Fix For: 8.7.1
>
>
> EAP 6.2 and above provides facilities to implement access controls on the management operations. Teiid should implement them on the management operations so that they can be controlled by access level of the user.
> Unfortunately this is not in EAP 6.1.Alpha, so it becomes hard to pull the changes upstream into 8.8



--
This message was sent by Atlassian JIRA
(v6.2.3#6260)

More information about the teiid-issues mailing list