Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-639

ManagementPermissionAuthorizer is limited to the standard roles for its authorizeJmxOperation impl

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 2.0.0.Alpha3
    • None
    • Management
    • None

    Description

      ManagementPermissionAuthorizer.authorizeJmxOperation uses hard coded decision making based on the standard 7 roles. This is inflexible and specifically doesn't allow scoped roles to function properly.

      I believe the JmxPermissionFactory interface needs to be redone to use permissions instead of role names. It should have an API more like org.jboss.as.controller.access.permission.PermissionFactory, with getUserPermissions and getRequiredPermissions. Something like

      PermissionCollection getUserPermissions(Caller caller, Environment callEnvironment, JmxAction action)

      PermissionCollection getRequiredPermissions(JmxAction action);

      Then ManagementPermissionAuthorizer.authorizeJmxOperation does a permission match check similar to what it does for management resource permissions.

      Attachments

        Activity

          People

            ehugonne1@redhat.com Emmanuel Hugonnet
            bstansbe@redhat.com Brian Stansberry
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: