  1. Infinispan
  2. ISPN-7254

Administration console - accessing content without needed permissions should display error message


Details

    Description

      Create user with admin role, but without ___script_manager and ___schema_manager roles
      Start the server with security enabled.
      e.g. standalone with attached configuration (but the issue is present in domain mode as well)
      bin/standalone.sh -c standalone-auth.xml

      click on cache container -> configuration

      result: the console is stuck with loading icon (it's still responding)
      Server log shows:
      ERROR [org.jboss.as.controller.management-operation] (External Management Request Threads – 9) WFLYCTL0013: Operation ("get-proto-schema-names") failed - address: ([
      "subsystem",
      "datagrid-infinispan",
      "cache-container",
      "local"
      ]) - failure description: "DGISPN0118: Failed to invoke operation: ISPN000287: Unauthorized access: subject 'Subject with principal(s): [org.jboss.as.core.security.SimplePrincipal@36ebcb, user@ManagementRealm, admin@ManagementRealm, InetAddressPrincipal <127.0.0.1/127.0.0.1>]' lacks 'BULK_READ' permission"

      Expected result: there should be an error message in the console informing the user that he doesn't have the required permissions.

      Another issue: The user has the admin role, so he should be able to access the configuration page; he shouldn't be able to access scripts and schemes configuration because he lacks ___script_manager and ___schema_manager
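
The behaviour requested above, sketched as an added example (not code from the Infinispan console): each management response is classified, a denied section gets a message instead of blocking the page, and the loading flag is always cleared. The function names and the sample responses are assumptions; the `outcome` / `failure-description` fields follow the WildFly management JSON format.

```javascript
// Matches the ISPN000287 failure text shown in the server log above and
// captures only the missing permission name (upper-case letters and underscores).
const UNAUTHORIZED = /ISPN000287: Unauthorized access: .* lacks '([A-Z_]+)' permission/;

// Returns null on success, otherwise a failure object the UI can display.
function classifyFailure(response) {
  if (response && response.outcome === 'success') return null;
  const description = String(
    (response && response['failure-description']) || 'No response from server');
  const match = UNAUTHORIZED.exec(description);
  if (!match) return { kind: 'error', message: description };
  // The raw description (which lists the subject's principals) is not echoed.
  return {
    kind: 'unauthorized',
    permission: match[1],
    message: `You do not have the '${match[1]}' permission required for this operation.`,
  };
}

// Builds the view state for the configuration page from the responses of
// the operations it issued, keyed by operation name. Sections are
// independent: a denied one is replaced by its message, the rest still render.
// Messages must be rendered as text, never as HTML.
function buildConfigurationView(responses) {
  const view = { loading: false, sections: {} };
  for (const [operation, response] of Object.entries(responses)) {
    const failure = classifyFailure(response);
    view.sections[operation] = failure
      ? { available: false, reason: failure.kind, message: failure.message }
      : { available: true, data: response.result };
  }
  return view;
}

// Constructed sample responses; the failure text is the one from the log
// above with the principal list shortened.
const sample = {
  'read-resource': { outcome: 'success', result: { name: 'local' } },
  'get-proto-schema-names': {
    outcome: 'failed',
    'rolled-back': true,
    'failure-description': "DGISPN0118: Failed to invoke operation: ISPN000287: " +
      "Unauthorized access: subject 'Subject with principal(s): " +
      "[user@ManagementRealm, admin@ManagementRealm]' lacks 'BULK_READ' permission",
  },
};

console.log(JSON.stringify(buildConfigurationView(sample), null, 2));
```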


            People

              vblagoje Vladimir Blagojevic (Inactive)
              rmacor Roman Macor (Inactive)