Uploaded image for project: 'HAL'
  1. HAL
  2. HAL-1756

LDAP user w/o correct RBAC role should get "Access denied" dialog when try to access admin console

    XMLWordPrintable

Details

    • Bug
    • Resolution: Cannot Reproduce
    • Major
    • 3.4.1.Final
    • None
    • None
    • None
    • 1
    • Hide

      Download all attachements two a folder

      1. docker build --tag wildfly-admin - < Dockerfile
      2. docker compose up
      3. Wait until everything is up and ready
      4. jboss-cli.sh --connect --user=admin --password=admin --file=commands.cli
        (I'm using a jboss-cli script in my ~/bin folder to connect to the WildFly instance running in the container and execute the CLI commands)
      5. Open http://localhost:9990 and login with "userWithMoreRoles" and "admin" → OK
      6. Close the browser completely (not only the current tab)!
      7. Open http://localhost:9990 and login with "userWithoutRole" and "admin" → error page
      Show
      Download all attachements two a folder docker build --tag wildfly-admin - < Dockerfile docker compose up Wait until everything is up and ready jboss-cli.sh --connect --user=admin --password=admin --file=commands.cli (I'm using a jboss-cli script in my ~/bin folder to connect to the WildFly instance running in the container and execute the CLI commands) Open http://localhost:9990  and login with "userWithMoreRoles" and "admin" → OK Close the browser completely (not only the current tab)! Open http://localhost:9990  and login with "userWithoutRole" and "admin" → error page

    Description

      Preconditions:

      • enable RBAC
      • configure LDAP ream,
      • assign a LDAP group 'JBossAdmin' to SuperUser role

      When a user not in JBossAdmin group logs into HAL, the "Connecting to management console" dialog shows up. Instead a "Access denied" page should show up.

       

      Attachments

        1. bootstrap.ldif
          1 kB
        2. commands.cli
          1 kB
        3. docker-compose.yml
          0.9 kB
        4. Dockerfile
          0.2 kB

        Issue Links

          relates to

          Enhancement - An enhancement to or refactoring of existing functionality that is not configurable by an end user (typically a change made by an internal team that affects users) HAL-636 Enhance the bootstrap server setup process

          • Minor - To be worked after urgent, high, and medium priorities are resolved. This term is chosen when the severity of the issue is low, or the complexity or effort to correct it may be higher, relatively speaking. For low priority issues, known workarounds exist or are not needed due to the trivial effort needed to address the issue.
          • Resolved

          Activity

            People

              hpehl@redhat.com Harald Pehl
              hpehl@redhat.com Harald Pehl
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: