Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 10.0.0.Final
Affects Version/s: None
Component/s: Management
Labels:
None

The following setup: user with two scoped roles assigned. maintainer for "main-servers", monitor for "other-servers". Requesting the access control meta data for the server group wildcard ]does not include "exceptions".

Expected result: the access control meta data response contains an "exception" for each server group (main-server-group & other-server-group)

[domain@localhost:9999 /] ./server-group=*:read-resource-description(access-control=trim-descriptions, operations=true){roles=main-servers, other-servers}
{
    "outcome" => "success",
    "result" => [{
        "address" => [("server-group" => "*")],
        "outcome" => "success",
        "result" => {
            "description" => undefined,
            "attributes" => undefined,
            "operations" => undefined,
            "children" => {
                "deployment" => {"model-description" => undefined},
                "system-property" => {"model-description" => undefined},
                "jvm" => {"model-description" => undefined},
                "deployment-overlay" => {"model-description" => undefined}
            },
            "access-control" => {
                "default" => {
                    "read" => true,
                    "write" => true,
                    "attributes" => {
                        "socket-binding-port-offset" => {
                            "read" => true,
                            "write" => true
                        },
                        "management-subsystem-endpoint" => {
                            "read" => true,
                            "write" => false
                        },
                        "socket-binding-group" => {
                            "read" => true,
                            "write" => true
                        },
                        "profile" => {
                            "read" => true,
                            "write" => true
                        }
                    },
                    "operations" => {
                        "read-children-names" => {"execute" => true},
                        "read-operation-description" => {"execute" => true},
                        "remove" => {"execute" => true},
                        "read-resource-description" => {"execute" => true},
                        "stop-servers" => {"execute" => true},
                        "read-resource" => {"execute" => true},
                        "add" => {"execute" => true},
                        "read-attribute" => {"execute" => true},
                        "whoami" => {"execute" => true},
                        "read-children-types" => {"execute" => true},
                        "read-operation-names" => {"execute" => true},
                        "undefine-attribute" => {"execute" => true},
                        "start-servers" => {"execute" => true},
                        "read-children-resources" => {"execute" => true},
                        "restart-servers" => {"execute" => true},
                        "replace-deployment" => {"execute" => true},
                        "write-attribute" => {"execute" => true}
                    }
                },
                "exceptions" => {}
            }
        }
    }]
}

blocks

HAL-259 Security child contexts for instance based meta data

Resolved

is blocked by

WFLY-2583 Support multiple run-as roles from CLI and HTTP clients

Closed

is cloned by

WFCORE-832 Access control exceptions missing for non-existent resources

Resolved

Assignee:: Harald Pehl

Reporter:: Heiko Braun

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2013/10/16 7:53 AM

Updated:: 2020/09/14 5:35 AM

Resolved:: 2013/12/03 5:42 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates