Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-13

End users can call non-published management API operations

    XMLWordPrintable

    Details

      Description

      It's not possible to call "non-published" operations (those that are not visible in the resource tree, e.g. describe) via JMX, while it's entirely possible to call them via CLI (e.g. /subsystem=security:describe) and other management interfaces.

      The problem lies in the fact that ModelControllerMBeanHelper.invoke method checks if (!accessControl.isExecutableOperation(operationName)) and the isExecutableOperation method assumes that the operation will be visible in the resource tree. In fact, there is a comment stating should not happen, but now we know that it indeed can happen.

      What's more, it gives a misleading error message. The isExecutableOperation returns false for unknown operations, which results in Not authorized to invoke operation message. Which is wrong in two different ways simultaneously: 1. the problem isn't authorization, but the fact that the operation can't be found; 2. the user (e.g. in the SuperUser role) is authorized.

      I'm considering this low priority, because 1. JMX is likely to be very rarely used to access the management interface, 2. hiding information isn't nearly as important as leaking them, 3. non-published operations aren't nearly as important as the published ones. It's worth a JIRA nevertheless.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              bstansbe@redhat.com Brian Stansberry
              Reporter:
              lthon@redhat.com Ladislav Thon
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: