Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-554

Unintuitive CLI behavior with 'rbac' enabled and no security-realm configured on mangement interface

    XMLWordPrintable

Details

    • Enhancement
    • Status: Resolved (View Workflow)
    • Minor
    • Resolution: Done
    • None
    • 1.0.0.Beta1
    • CLI
    • None

    Description

      See WFCORE-272 for background; this issue is to track the CLI part of my comment of 2014/01/28.

      With no security realm configured on the management interface and the 'rbac' provider chosen, CLI behavior is not very intuitive. You can connect and you get the [standalone@localhost:9990 /] prompt. But if you attempt to do anything that requires server-side work you get various errors indicating you aren't authorized.

      E.g.:

      $ bin/jboss-cli.sh -c
      [standalone@localhost:9990 /] ls
      Failed to fetch the list of children: {
          "outcome" => "failed",
          "failure-description" => "WFLYCTL0313: Unauthorized to execute operation 'composite' for resource '[]' -- \"WFLYCTL0332: Permission denied\"",
          "rolled-back" => true
      }
      

      In this situation the user is not going to have permissions to do much of anything at all, so it would be good to detect that somehow and respond accordingly. (The lack of a security realm means there is no way to map the user to a role. They can log in but they are not in any role and thus have no permissions.)

      Attachments

        Issue Links

          Activity

            People

              olubyans@redhat.com Oleksiy Lubyanskyy
              bstansbe@redhat.com Brian Stansberry
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: