Details
-
Bug
-
Resolution: Done
-
Critical
-
11.0.0.Alpha1
-
None
Description
According to RFE EAP7-548 there must be set access-constraint where are referenced elytron capabilities.
6 places were found where access-constraint missing.
/subsystem=undertow:read-resource-description(recursive=true)
There is http-invoker, attr http-authentication-factory with org.wildfly.security.http-authentication-factory capability.
/subsystem=datasources:read-resource-description(recursive=true)
There is xa-data-source, attr recovery-authentication-context with org.wildfly.security.authentication-context capability.
/subsystem=ejb3:read-resource-description(recursive=true)
There is identity, attr outflow-security-domains with org.wildfly.security.security-domain capability.
/core-service=management/management-interface=http-interface:read-resource-description(recursive=true)
There is sasl-authentication-factory with org.wildfly.security.sasl-authentication-factory capability.
/deployment=test:read-resource-description(recursive=true)
There is xa-data-source, attr recovery-authentication-context with org.wildfly.security.authentication-context capability
and there is same problem in subdeployment resource too.