Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-490 Domain Management Role Based Access Control
  3. WFLY-1818

Allow ModelControllerClient configurations to disable the JBOSS_LOCAL_USER SASL mechanism

    Details

      Description

      The ModelControllerClient ClientConfiguration interface allows passing in a "saslOptions" map, which gets passed to xnio. Remoting also supports an "Options.SASL_DISALLOWED_MECHANISMS" Option but does not look to the saslOptions map for that. This makes it difficult for a ModelControllerClient user to disallow a mechanism, specifically JBOSS_LOCAL_USER.

      This makes building integration tests for RBAC very difficult, since the JBOSS_LOCAL_USER mechanism will get preference, the desired user account will not be used, and the intended role mapping will not occur.

      Intended fix is to have ProtocolConnectionUtils, which sets up the remoting OptionMap, look for a "SASL_DISALLOWED_MECHANISMS" key in saslOptions and if found set up the Remoting Option.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                brian.stansberry Brian Stansberry
                Reporter:
                brian.stansberry Brian Stansberry
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: