WildFly / WFLY-490 Domain Management Role Based Access Control / WFLY-2444

Missing filtering response header from type=*:read-resource


    • Sub-task
    • Resolution: Done
    • Major
    • 8.0.0.CR1
    • 8.0.0.Beta1
    • Management
    • None

      No indication that data was filtered when running read-resource against a wildcard address.

      [standalone@localhost:9990 /] /core-service=management/security-realm=*:read-resource{roles=Monitor}

      {
      "outcome" => "success",
      "result" => []
      }

      If you make a non-addressable resource addressable, but still non-readable, you get the same result:



      [standalone@localhost:9990 /] /subsystem=security/security-domain=*:read-resource{roles=Monitor}

      {
      "outcome" => "success",
      "result" => []
      }

      This latter condition is more problematic, as the user has no clue that some security-domains exist but no data was provided, even though the user has the right to know about their existence.

            bstansbe@redhat.com Brian Stansberry