JBoss Enterprise Application Platform / JBEAP-19614

[GSS](7.3.z) In Domain Mode, Commands such as Reload and Restart Don't Appear in Management Console With RBAC Enabled


Details

    • Bug
    • Resolution: Duplicate
    • Critical
    • None
    • 7.3.0.GA, 7.2.7.GA
    • None
    • Workaround:
      1. When the server is selected in the above reproduction steps, click "view" to open the page for the server
      2. Then click "<< back" at the top left of the new page to return to where you were
      3. Click the down arrow again next to View, and the full menu will appear.
    • Steps to reproduce:
      1. Unzip Default installation
      2. Edit domain.xml enabling RBAC and add a mapping from group SuperUser to the role
              <access-control provider="rbac">
                  <role-mapping>
                      <role name="SuperUser">
                          <include>
                              <group name="SuperUser"/>
                          </include>
                      </role>
                  </role-mapping>
              </access-control>

      3. Use add-user.sh script to add a user with the SuperUser Group
      4. Start default host-master and host-slave.
        $ ./bin/domain.sh --host-config=host-master.xml
        $ ./bin/domain.sh -Djboss.domain.master.address=localhost -Djboss.management.http.port=10990 --host-config=host-slave.xml
      5. Open in browser (tested Chrome) http://localhost:9990 and log in as the user created above.
      6. Navigate to Runtime -> Server Groups -> main-server-group -> server-one
      7. Click the down arrow next to "View" and you only see "Edit URL".

      In the browser console, you will see warnings like:

      14:32:41.940 WARN  o.j.h.m.security.AuthorisationDecision   No security context found for executable({selected.host}/subsystem=core-management/service=configuration-changes:add)
      index.html:1:28353
      14:32:42.004 WARN  o.j.h.m.security.AuthorisationDecision   No security context found for executable({selected.host}/subsystem=core-management/service=configuration-changes:add)
      index.html:1:28353
      14:32:42.007 WARN  o.j.h.m.security.AuthorisationDecision   No security context found for executable(host=<host>:reload)
      index.html:1:28353
      14:32:42.008 WARN  o.j.h.m.security.AuthorisationDecision   No security context found for executable(host=<host>:shutdown)

    Description

      Log in to the management console on the Domain Controller with RBAC enabled, as a user that has either Administrator or SuperUser permissions.

      Go to Runtime -> Server Groups -> <Server Group> -> <Server>
      Click the down arrow next to "View" and you only see "Edit URL".

      Commands that don't appear:
      Copy, Reload, Restart, Suspend, Stop, Destroy, Kill

      This has been shown to appear with both Elytron and legacy security, and both with http-remote and legacy remoting connection between the domain and slave. It was also tested using Elytron LDAP authentication on the management console.
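
An added example, not part of the original issue or of the JBoss EAP code base: a small Python audit of the `<access-control>` element edited in the reproduction steps, reporting the provider and which principals each role mapping includes or excludes. The `urn:jboss:domain:10.0` namespace and the wrapper elements in the sample are assumptions, and the sample itself is constructed from the fragment above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the fragment from the reproduction steps, wrapped in
# minimal <domain>/<management> elements (namespace version is an assumption).
SAMPLE_DOMAIN_XML = """\
<domain xmlns="urn:jboss:domain:10.0">
  <management>
    <access-control provider="rbac">
      <role-mapping>
        <role name="SuperUser">
          <include>
            <group name="SuperUser"/>
          </include>
        </role>
      </role-mapping>
    </access-control>
  </management>
</domain>
"""

def _local(tag):
    """Strip the '{namespace}' prefix ElementTree adds to tag names."""
    return tag.rsplit("}", 1)[-1]

def audit_access_control(xml_text):
    """Summarise the management access-control provider and role mappings."""
    root = ET.fromstring(xml_text)
    ac = next((e for e in root.iter() if _local(e.tag) == "access-control"), None)
    if ac is None:
        return {"provider": None, "enforced": False, "roles": {}}
    # When the attribute is absent the provider is 'simple', and the role
    # mappings below are not used for authorization decisions.
    provider = ac.get("provider", "simple")
    mapping = next((e for e in ac if _local(e.tag) == "role-mapping"), None)
    roles = {}
    for role in (mapping if mapping is not None else []):
        entry = {"include": [], "exclude": []}
        for section in role:
            kind = _local(section.tag)
            if kind in entry:
                # Record each principal as (type, name), e.g. ('group', 'SuperUser').
                entry[kind] += [(_local(p.tag), p.get("name")) for p in section]
        roles[role.get("name")] = entry
    return {"provider": provider, "enforced": provider == "rbac", "roles": roles}

if __name__ == "__main__":
    print(audit_access_control(SAMPLE_DOMAIN_XML))
```

Running it against the real domain.xml before logging in confirms that the SuperUser group mapping is present and that the provider is actually `rbac`, which rules out a configuration mistake when the console menu is incomplete.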

          People

            spyrkob Bartosz Spyrko-Smietanko
            rhn-support-dguthrie David Guthrie