Step 1 of 4: Choose Issues

Cancel

T Key P Status Assignee Summary Created Updated Fix Version/s
Sub-task WFLY-2572 Major Closed Brian Stansberry

WFLY-490 OperationContext.readResourceFromRoot throws UnauthorizedException even when the user doesn't have 'address' perms

8.0.0.CR1
Sub-task WFLY-2444 Major Closed Brian Stansberry

WFLY-490 Missing filtering response header from type=*:read-resource

8.0.0.CR1
Sub-task WFLY-2412 Major Closed Darran Lofthouse

WFLY-490 Security Realm and LDAP Connection incorrectly available as resourced under core-services=management in domain mode.

8.0.0.CR1
Sub-task WFLY-2394 Blocker Closed Darran Lofthouse

WFLY-490 AccessControlContext and management users Subject leaking into thread pool of host controller executor.

8.0.0.CR1
Sub-task WFLY-2337 Major Closed Darran Lofthouse

WFLY-490 Eliminate additional round trip exchange of Subject from host controller to app server or slave host controllers.

8.0.0.CR1
Sub-task WFLY-2317 Major Closed Brian Stansberry

WFLY-490 Trying to remove a server group as a server-group-scoped role leaks information

8.0.0.CR1
Sub-task WFLY-2307 Major Closed Brian Stansberry

WFLY-490 Allow access-control "write" metadata to say "true" for read-only attributes

8.0.0.CR1
Sub-task WFLY-2299 Major Closed Brian Stansberry

WFLY-490 SGSR permission are wrong on server-config

8.0.0.CR1
Sub-task WFLY-2278 Major Closed Brian Stansberry

WFLY-490 Deployer can't modify data source when datasources set as application resources

8.0.0.CR1
Sub-task WFLY-2274 Major Closed Brian Stansberry

WFLY-490 Expose the list of standard role names and of all role names

8.0.0.CR1
Sub-task WFLY-2271 Major Closed Darran Lofthouse

WFLY-490 A problem setting include-all on a role mapping is failing getting rolled back.

8.0.0.CR1
Sub-task WFLY-2270 Major Closed Darran Lofthouse

WFLY-490 Lack of model integrity checking regarding role mappings, standard role names and scoped role names.

8.0.0.CR1
Sub-task WFLY-2258 Major Closed Brian Stansberry

WFLY-490 Add sensitivities to the subsystem 'describe' operations

8.0.0.CR1
Sub-task WFLY-2220 Critical Closed Darran Lofthouse

WFLY-490 Unable to reload server after adding role and executing :reload

8.0.0.CR1
Sub-task WFLY-2216 Major Closed Darran Lofthouse

WFLY-490 include-all role mappings don't work in domain

8.0.0.CR1
Sub-task WFLY-2190 Major Closed Brian Stansberry

WFLY-490 Priviledge alignment for scoped resources

8.0.0.CR1
Sub-task WFLY-2189 Major Closed Brian Stansberry

WFLY-490 Enforce and correctly describe permissions on domain server lifecycle ops

8.0.0.Beta1
Sub-task WFLY-2179 Major Closed Brian Stansberry

WFLY-490 Enforce permissions on deployment upload ops

8.0.0.Beta1
Sub-task WFLY-2175 Major Closed Brian Stansberry

WFLY-490 Add transformers for RBAC resources

8.0.0.Beta1
Sub-task WFLY-2155 Blocker Closed Darran Lofthouse

WFLY-490 Defining <outbound-connections> in <management> prevents the server to start

8.0.0.Beta1
Sub-task WFLY-2143 Major Closed Darran Lofthouse

WFLY-490 Security Realm - authorization validation

8.0.0.Beta1
Sub-task WFLY-2142 Major Closed Darran Lofthouse

WFLY-490 Improve SecurityRealm service removal.

8.0.0.Beta1
Sub-task WFLY-2139 Major Closed Kabir Khan

WFLY-490 ProxyStepHandler/Controller need to check access before attempting to read information

8.0.0.Beta1
Sub-task WFLY-2131 Major Closed Kabir Khan

WFLY-490 read-operation-names to return a filtered list of allowed operations

8.0.0.Beta1
Sub-task WFLY-2119 Major Closed Oleksiy Lubyanskyy

WFLY-490 RBAC-based tab completion for the CLI commands

8.0.0.CR1
Sub-task WFLY-2112 Major Closed Ladislav Thon

WFLY-490 Test that validate-address and validate-operation do not leak non-addressable addresses

8.0.0.CR1
Sub-task WFLY-2098 Major Closed Brian Stansberry

WFLY-490 NPE when modifying an existing server-group scoped role

8.0.0.Beta1
Sub-task WFLY-2091 Major Closed Kabir Khan

WFLY-490 Remove host.xml host scoped role config

8.0.0.Beta1
Sub-task WFLY-2089 Major Closed Brian Stansberry

WFLY-490 Error executing composite operation as server group role

8.0.0.Beta1
Sub-task WFLY-2087 Critical Closed Darran Lofthouse

WFLY-490 Administrator should be prevented from modifying super user and auditor roles.

8.0.0.Beta1
Sub-task WFLY-2086 Major Closed Tomaž Cerar (Inactive)

WFLY-490 Update platform-mbean resources to allow configuration of sensitivity constraints

8.0.0.Beta1
Sub-task WFLY-2085 Major Closed Brian Stansberry

WFLY-490 Prevent server group scoped roles modifying the master HC if it has no servers

8.0.0.CR1
Sub-task WFLY-2068 Major Closed Darran Lofthouse

WFLY-490 Add support for an include-all option on individual role mappings.

8.0.0.Beta1
Sub-task WFLY-2066 Critical Closed Darran Lofthouse

WFLY-490 Upgrade to Remoting JMX 2.0.0.CR2

8.0.0.Beta1
Sub-task WFLY-2063 Critical Closed Darran Lofthouse

WFLY-490 Remove support for use-realm-roles in role mapping implementation,

8.0.0.Beta1
Sub-task WFLY-2050 Major Closed Brian Stansberry

WFLY-490 Ensure there is proper trace level logging for all RBAC decisions

8.0.0.CR1
Sub-task WFLY-2044 Major Closed Darran Lofthouse

WFLY-490 Rework Subject propagation to avoid marshaling.

8.0.0.CR1
Sub-task WFLY-2043 Major Closed Brian Stansberry

WFLY-490 RBAC config for slave HCs unable to access master HC

8.0.0.Beta1
Sub-task WFLY-2040 Major Closed Kabir Khan

WFLY-490 RBAC + JMX: auditor can't read sensitive non-core MBeans

8.0.0.Beta1
Sub-task WFLY-2037 Major Closed Heiko Braun

WFLY-490 Login as user with no role assigned leads to 500 error page

8.0.0.Beta1
Sub-task WFLY-2029 Major Closed Kabir Khan

WFLY-490 access-type attribute description and access-control section

8.0.0.Beta1
Sub-task WFLY-2026 Major Closed Brian Stansberry

WFLY-490 Include hosts in allowed resources for server group scoped roles

8.0.0.Beta1
Sub-task WFLY-2025 Major Closed Kabir Khan

WFLY-490 Remove configurability of VaultExpressionSensitivityConfig addressability

8.0.0.Beta1
Sub-task WFLY-2024 Major Closed Unassigned

WFLY-490 Scoped roles base on SuperUser should not be allowed

8.0.0.CR1
Sub-task WFLY-2010 Major Closed Brian Stansberry

WFLY-490 RBAC: read-resource-description is wrong about the ability to :add in the datasources subsystem

8.0.0.Beta1
Sub-task WFLY-2003 Major Closed Brian Stansberry

WFLY-490 Failed handling operation rollback -- null

8.0.0.Beta1
Sub-task WFLY-2000 Major Closed Brian Stansberry

WFLY-490 No enum AccessAuthorizationResourceDefinition.Provider.UNDEFINED

8.0.0.Beta1
Sub-task WFLY-1986 Major Closed Kabir Khan

WFLY-490 Review exceptions thrown for authorization cases in JMX

8.0.0.Beta1
Sub-task WFLY-1985 Critical Closed Ladislav Thon

WFLY-490 read-attribute operation is leaking value when user is not authorized to read that attribute

8.0.0.Beta1
Sub-task WFLY-1983 Major Closed Kabir Khan

WFLY-490 MBeans for unaddressable resources available through JMX

8.0.0.Beta1
Sub-task WFLY-1980 Major Closed Brian Stansberry

WFLY-490 Revisit priviledges for /core-service=management/access=authorization

8.0.0.Beta1
Sub-task WFLY-1977 Major Closed Brian Stansberry

WFLY-490 Add configuration attribute for PERMISSIVE vs REJECTING role combinations

8.0.0.Beta1
Sub-task WFLY-1955 Major Closed Emanuel Muckenhuber (Inactive)

WFLY-490 Failed to read hosts

8.0.0.CR1
Sub-task WFLY-1943 Major Closed Darran Lofthouse

WFLY-490 Add Run-As Capability to ConfigurableRoleMapper

8.0.0.Beta1
Sub-task WFLY-1942 Major Closed Brian Stansberry

WFLY-490 Forward port core management xsd schema 1.5 from EAP

8.0.0.CR1
Sub-task WFLY-1936 Major Closed Brian Stansberry

WFLY-490 Ensure RBAC metadata changes result in management API bump

8.0.0.Beta1
Sub-task WFLY-1923 Major Closed Darran Lofthouse

WFLY-490 Access through unsecured management interface

8.0.0.Beta1
Sub-task WFLY-1922 Major Closed Ladislav Thon

WFLY-490 Test rbac for jmx in the testsuite

8.0.0.Beta1
Sub-task WFLY-1920 Major Closed Kabir Khan

WFLY-490 Access control constraints for the audit logging resources

8.0.0.Beta1
Sub-task WFLY-1915 Major Closed Brian Stansberry

WFLY-490 Propagation of access control configuration to slave host controllers

8.0.0.Beta1
Sub-task WFLY-1866 Major Closed Brian Stansberry

WFLY-490 More useful access control failure messages

 
Sub-task WFLY-1858 Blocker Closed Tomaž Cerar (Inactive)

WFLY-490 Add RBAC sensitivity classification constraints to undertow subsystem

8.0.0.CR1
Sub-task WFLY-1852 Major Closed Darran Lofthouse

WFLY-490 Populate the Subject with the required prinicpals for rbac/audit logging earlier

8.0.0.CR1
Sub-task WFLY-1844 Major Closed Kabir Khan

WFLY-490 deep-copy-subject-mode attribute on Security Subsystem is Readable to all roles

8.0.0.Beta1
Sub-task WFLY-1843 Major Closed Brian Stansberry

WFLY-490 Invoking :read-resource operation on Security subsystem as a role with restricted privileges causes NPE

8.0.0.Alpha4
Sub-task WFLY-1838 Major Closed Kabir Khan

WFLY-490 Authorisation descision filtered vs. read-only

8.0.0.Alpha4
Sub-task WFLY-1821 Blocker Closed Heiko Braun

WFLY-490 Update to web console 2.0.0.Final

8.0.0.Beta1
Sub-task WFLY-1820 Minor Closed Brian Stansberry

WFLY-490 Report data about what resources/attributes/ops a SensitivityClassification or ApplicationTypeConfig are applied to

8.0.0.Beta1
Sub-task WFLY-1819 Minor Closed Brian Stansberry

WFLY-490 Prevent non-core use of ApplicationTypeConfig.DEPLOYMENT

8.0.0.Beta1
Sub-task WFLY-1818 Major Closed Brian Stansberry

WFLY-490 Allow ModelControllerClient configurations to disable the JBOSS_LOCAL_USER SASL mechanism

8.0.0.Alpha4
Sub-task WFLY-1817 Major Closed Tomaž Cerar (Inactive)

WFLY-490 Ensure platform-mbean misc write ops require write perms

8.0.0.Beta1
Sub-task WFLY-1790 Major Closed Ladislav Thon

WFLY-490 RBAC: HostScopedRole* operations are wrong (copy&paste from ServerGroupScopedRole*)

8.0.0.Final
Sub-task WFLY-1789 Major Closed Brian Stansberry

WFLY-490 RBAC: OperationContextImpl.readResourceForUpdate is missing an authorize call

8.0.0.Alpha4
Sub-task WFLY-1788 Major Closed Ladislav Thon

WFLY-490 RBAC: role combination doesn't work

8.0.0.Final
Sub-task WFLY-1756 Major Closed Kabir Khan

WFLY-490 Add access-control parameter to read-operation-description operation

8.0.0.Beta1

Cancel