  1. WildFly
  2. WFLY-490 Domain Management Role Based Access Control
  3. WFLY-1985

read-attribute operation is leaking value when user is not authorized to read that attribute

      Description

      This affects the native interface and consequently the CLI. HTTP and JMX have the correct behavior, as they aren't simply forwarding the result of the native interface.

      [standalone@localhost:9990 /] :whoami(verbose=true)
      {
          "outcome" => "success",
          "result" => {"identity" => {
              "username" => "monitor",
              "realm" => "ManagementRealm"
          }}
      }
      [standalone@localhost:9990 /] /subsystem=datasources/data-source=ExampleDS:read-attribute(name=password)
      {
          "outcome" => "failed",
          "result" => "sa",
          "failure-description" => "JBAS013456: Unauthorized to execute operation 'read-attribute' for resource '[
          (\"subsystem\" => \"datasources\"),
          (\"data-source\" => \"ExampleDS\")
      ]' -- \"Permission denied\"",
          "rolled-back" => true
      }
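
A regression check for the behavior reported above, as an added example that is not part of the original issue or of WildFly's code: it parses the DMR text the CLI prints (objects, lists, strings and bare literals only) and flags a denied operation whose response still carries a result. The function names and the `CLEAN` sample are assumptions made for illustration.

```python
import re

# DMR text tokens: "=>", punctuation, quoted strings (escapes, multi-line), bare words.
_TOKEN = re.compile(r'\s*(=>|[{}\[\](),]|"(?:\\.|[^"\\])*"|[^\s{}\[\](),="]+)', re.S)
def _unquote(tok):
    return re.sub(r"\\(.)", r"\1", tok[1:-1], flags=re.S)

def _parse(tok, i):
    t = tok[i]
    if t in ("{", "["):                       # object or list
        out, i = ({} if t == "{" else []), i + 1
        while tok[i] not in ("}", "]"):
            if t == "{":                      # "key" => value
                key = _unquote(tok[i])
                out[key], i = _parse(tok, i + 2)
            else:
                item, i = _parse(tok, i)
                out.append(item)
            i += tok[i] == ","                # skip the separator if present
        return out, i + 1
    if t.startswith('"'):
        return _unquote(t), i + 1
    return {"true": True, "false": False, "undefined": None}.get(t, t), i + 1

def parse_dmr(text):
    text, tok, pos = text.strip(), [], 0
    while pos < len(text):
        m = _TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"cannot tokenize at offset {pos}")
        tok.append(m.group(1))
        pos = m.end()
    return _parse(tok, 0)[0]

def leaks_on_denial(resp):
    """True when an authorization failure still carries a defined "result"."""
    denied = "JBAS013456" in str(resp.get("failure-description"))
    return resp.get("outcome") == "failed" and denied and resp.get("result") is not None

# Response copied from the issue (user "monitor", native interface via the CLI).
LEAKY = r'''{
    "outcome" => "failed",
    "result" => "sa",
    "failure-description" => "JBAS013456: Unauthorized to execute operation 'read-attribute' for resource '[
    (\"subsystem\" => \"datasources\"),
    (\"data-source\" => \"ExampleDS\")
]' -- \"Permission denied\"",
    "rolled-back" => true
}'''
CLEAN = LEAKY.replace('    "result" => "sa",\n', "")  # constructed: same denial, no "result"
```

Running `leaks_on_denial(parse_dmr(output))` over captured CLI output for each restricted role and sensitive attribute turns the report into a repeatable test.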
      

              People

              • Assignee:
                lthon Ladislav Thon
                Reporter:
                jcechace Jakub Cechacek