Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-8973

RBAC, Security subsystem contains attributes with capabilities which don't set access-constraint.

    Details

      Description

      Security subsystem contains attributes with capabilities which don't set access-constraint.

      How to reproduce:

      /subsystem=security:read-resource-description(recursive=true)
      

      Resources elytron-realm, elytron-key-store, elytron-trust-store, elytron-key-manager and elytron-trust-manager all contain attributes that reference a JAAS security domain and that are missing the SECURITY_DOMAIN_REF constraint.

      Furthermore, these resources expose Elytron capabilities and they should also define access constraints. In the Elytron subsystem all resources exposing capabilities use constraints named "elytron-security" and the legacy subsystem resources should follow the same convention for consistency.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  sguilhen Stefan Guilhen
                  Reporter:
                  sguilhen Stefan Guilhen
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: