Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-490 Domain Management Role Based Access Control
  3. WFLY-2139

ProxyStepHandler/Controller need to check access before attempting to read information


    • Icon: Sub-task Sub-task
    • Resolution: Done
    • Icon: Major Major
    • 8.0.0.Beta1
    • None
    • Management, Security
    • None

      This affects things like recursive :read-resource(-description) :read-children-resources and so on. The problem as it stands is that if you have, say, a host scoped role scoped to host=master, and there is also a slave host controller, and you try to :read-resource(recursive=true,proxies=true), the master will list the slave host controller in its list of child addresses. It will then execute /host=slave:read-resource(recursive=true,proxies=true), which will fail and roll back the tx since the master host scoped role does not have access to that resource.

            kkhan1@redhat.com Kabir Khan
            kkhan1@redhat.com Kabir Khan
            0 Vote for this issue
            2 Start watching this issue