|
|
WFLY-2572
|
|
Closed |
Brian Stansberry
|
WFLY-490
OperationContext.readResourceFromRoot throws UnauthorizedException even when the user doesn't have 'address' perms
|
|
|
8.0.0.CR1 |
|
|
WFLY-2444
|
|
Closed |
Brian Stansberry
|
WFLY-490
Missing filtering response header from type=*:read-resource
|
|
|
8.0.0.CR1 |
|
|
WFLY-2412
|
|
Closed |
Darran Lofthouse
|
WFLY-490
Security Realm and LDAP Connection incorrectly available as resourced under core-services=management in domain mode.
|
|
|
8.0.0.CR1 |
|
|
WFLY-2394
|
|
Closed |
Darran Lofthouse
|
WFLY-490
AccessControlContext and management users Subject leaking into thread pool of host controller executor.
|
|
|
8.0.0.CR1 |
|
|
WFLY-2337
|
|
Closed |
Darran Lofthouse
|
WFLY-490
Eliminate additional round trip exchange of Subject from host controller to app server or slave host controllers.
|
|
|
8.0.0.CR1 |
|
|
WFLY-2317
|
|
Closed |
Brian Stansberry
|
WFLY-490
Trying to remove a server group as a server-group-scoped role leaks information
|
|
|
8.0.0.CR1 |
|
|
WFLY-2307
|
|
Closed |
Brian Stansberry
|
WFLY-490
Allow access-control "write" metadata to say "true" for read-only attributes
|
|
|
8.0.0.CR1 |
|
|
WFLY-2299
|
|
Closed |
Brian Stansberry
|
WFLY-490
SGSR permission are wrong on server-config
|
|
|
8.0.0.CR1 |
|
|
WFLY-2278
|
|
Closed |
Brian Stansberry
|
WFLY-490
Deployer can't modify data source when datasources set as application resources
|
|
|
8.0.0.CR1 |
|
|
WFLY-2274
|
|
Closed |
Brian Stansberry
|
WFLY-490
Expose the list of standard role names and of all role names
|
|
|
8.0.0.CR1 |
|
|
WFLY-2271
|
|
Closed |
Darran Lofthouse
|
WFLY-490
A problem setting include-all on a role mapping is failing getting rolled back.
|
|
|
8.0.0.CR1 |
|
|
WFLY-2270
|
|
Closed |
Darran Lofthouse
|
WFLY-490
Lack of model integrity checking regarding role mappings, standard role names and scoped role names.
|
|
|
8.0.0.CR1 |
|
|
WFLY-2258
|
|
Closed |
Brian Stansberry
|
WFLY-490
Add sensitivities to the subsystem 'describe' operations
|
|
|
8.0.0.CR1 |
|
|
WFLY-2220
|
|
Closed |
Darran Lofthouse
|
WFLY-490
Unable to reload server after adding role and executing :reload
|
|
|
8.0.0.CR1 |
|
|
WFLY-2216
|
|
Closed |
Darran Lofthouse
|
WFLY-490
include-all role mappings don't work in domain
|
|
|
8.0.0.CR1 |
|
|
WFLY-2190
|
|
Closed |
Brian Stansberry
|
WFLY-490
Priviledge alignment for scoped resources
|
|
|
8.0.0.CR1 |
|
|
WFLY-2189
|
|
Closed |
Brian Stansberry
|
WFLY-490
Enforce and correctly describe permissions on domain server lifecycle ops
|
|
|
8.0.0.Beta1 |
|
|
WFLY-2179
|
|
Closed |
Brian Stansberry
|
WFLY-490
Enforce permissions on deployment upload ops
|
|
|
8.0.0.Beta1 |
|
|
WFLY-2175
|
|
Closed |
Brian Stansberry
|
WFLY-490
Add transformers for RBAC resources
|
|
|
8.0.0.Beta1 |
|
|
WFLY-2155
|
|
Closed |
Darran Lofthouse
|
WFLY-490
Defining <outbound-connections> in <management> prevents the server to start
|
|
|
8.0.0.Beta1 |
|
|
WFLY-2143
|
|
Closed |
Darran Lofthouse
|
WFLY-490
Security Realm - authorization validation
|
|
|
8.0.0.Beta1 |
|
|
WFLY-2142
|
|
Closed |
Darran Lofthouse
|
WFLY-490
Improve SecurityRealm service removal.
|
|
|
8.0.0.Beta1 |
|
|
WFLY-2139
|
|
Closed |
Kabir Khan
|
WFLY-490
ProxyStepHandler/Controller need to check access before attempting to read information
|
|
|
8.0.0.Beta1 |
|
|
WFLY-2131
|
|
Closed |
Kabir Khan
|
WFLY-490
read-operation-names to return a filtered list of allowed operations
|
|
|
8.0.0.Beta1 |
|
|
WFLY-2119
|
|
Closed |
Alexey Loubyansky
|
WFLY-490
RBAC-based tab completion for the CLI commands
|
|
|
8.0.0.CR1 |
|
|
WFLY-2112
|
|
Closed |
Ladislav Thon
|
WFLY-490
Test that validate-address and validate-operation do not leak non-addressable addresses
|
|
|
8.0.0.CR1 |
|
|
WFLY-2098
|
|
Closed |
Brian Stansberry
|
WFLY-490
NPE when modifying an existing server-group scoped role
|
|
|
8.0.0.Beta1 |
|
|
WFLY-2091
|
|
Closed |
Kabir Khan
|
WFLY-490
Remove host.xml host scoped role config
|
|
|
8.0.0.Beta1 |
|
|
WFLY-2089
|
|
Closed |
Brian Stansberry
|
WFLY-490
Error executing composite operation as server group role
|
|
|
8.0.0.Beta1 |
|
|
WFLY-2087
|
|
Closed |
Darran Lofthouse
|
WFLY-490
Administrator should be prevented from modifying super user and auditor roles.
|
|
|
8.0.0.Beta1 |
|
|
WFLY-2086
|
|
Closed |
Tomaž Cerar (Inactive)
|
WFLY-490
Update platform-mbean resources to allow configuration of sensitivity constraints
|
|
|
8.0.0.Beta1 |
|
|
WFLY-2085
|
|
Closed |
Brian Stansberry
|
WFLY-490
Prevent server group scoped roles modifying the master HC if it has no servers
|
|
|
8.0.0.CR1 |
|
|
WFLY-2068
|
|
Closed |
Darran Lofthouse
|
WFLY-490
Add support for an include-all option on individual role mappings.
|
|
|
8.0.0.Beta1 |
|
|
WFLY-2066
|
|
Closed |
Darran Lofthouse
|
WFLY-490
Upgrade to Remoting JMX 2.0.0.CR2
|
|
|
8.0.0.Beta1 |
|
|
WFLY-2063
|
|
Closed |
Darran Lofthouse
|
WFLY-490
Remove support for use-realm-roles in role mapping implementation,
|
|
|
8.0.0.Beta1 |
|
|
WFLY-2050
|
|
Closed |
Brian Stansberry
|
WFLY-490
Ensure there is proper trace level logging for all RBAC decisions
|
|
|
8.0.0.CR1 |
|
|
WFLY-2044
|
|
Closed |
Darran Lofthouse
|
WFLY-490
Rework Subject propagation to avoid marshaling.
|
|
|
8.0.0.CR1 |
|
|
WFLY-2043
|
|
Closed |
Brian Stansberry
|
WFLY-490
RBAC config for slave HCs unable to access master HC
|
|
|
8.0.0.Beta1 |
|
|
WFLY-2040
|
|
Closed |
Kabir Khan
|
WFLY-490
RBAC + JMX: auditor can't read sensitive non-core MBeans
|
|
|
8.0.0.Beta1 |
|
|
WFLY-2037
|
|
Closed |
Heiko Braun
|
WFLY-490
Login as user with no role assigned leads to 500 error page
|
|
|
8.0.0.Beta1 |
|
|
WFLY-2029
|
|
Closed |
Kabir Khan
|
WFLY-490
access-type attribute description and access-control section
|
|
|
8.0.0.Beta1 |
|
|
WFLY-2026
|
|
Closed |
Brian Stansberry
|
WFLY-490
Include hosts in allowed resources for server group scoped roles
|
|
|
8.0.0.Beta1 |
|
|
WFLY-2025
|
|
Closed |
Kabir Khan
|
WFLY-490
Remove configurability of VaultExpressionSensitivityConfig addressability
|
|
|
8.0.0.Beta1 |
|
|
WFLY-2024
|
|
Closed |
Unassigned
|
WFLY-490
Scoped roles base on SuperUser should not be allowed
|
|
|
8.0.0.CR1 |
|
|
WFLY-2010
|
|
Closed |
Brian Stansberry
|
WFLY-490
RBAC: read-resource-description is wrong about the ability to :add in the datasources subsystem
|
|
|
8.0.0.Beta1 |
|
|
WFLY-2003
|
|
Closed |
Brian Stansberry
|
WFLY-490
Failed handling operation rollback -- null
|
|
|
8.0.0.Beta1 |
|
|
WFLY-2000
|
|
Closed |
Brian Stansberry
|
WFLY-490
No enum AccessAuthorizationResourceDefinition.Provider.UNDEFINED
|
|
|
8.0.0.Beta1 |
|
|
WFLY-1986
|
|
Closed |
Kabir Khan
|
WFLY-490
Review exceptions thrown for authorization cases in JMX
|
|
|
8.0.0.Beta1 |
|
|
WFLY-1985
|
|
Closed |
Ladislav Thon
|
WFLY-490
read-attribute operation is leaking value when user is not authorized to read that attribute
|
|
|
8.0.0.Beta1 |
|
|
WFLY-1983
|
|
Closed |
Kabir Khan
|
WFLY-490
MBeans for unaddressable resources available through JMX
|
|
|
8.0.0.Beta1 |
|
|
WFLY-1980
|
|
Closed |
Brian Stansberry
|
WFLY-490
Revisit priviledges for /core-service=management/access=authorization
|
|
|
8.0.0.Beta1 |
|
|
WFLY-1977
|
|
Closed |
Brian Stansberry
|
WFLY-490
Add configuration attribute for PERMISSIVE vs REJECTING role combinations
|
|
|
8.0.0.Beta1 |
|
|
WFLY-1955
|
|
Closed |
Emanuel Muckenhuber (Inactive)
|
WFLY-490
Failed to read hosts
|
|
|
8.0.0.CR1 |
|
|
WFLY-1943
|
|
Closed |
Darran Lofthouse
|
WFLY-490
Add Run-As Capability to ConfigurableRoleMapper
|
|
|
8.0.0.Beta1 |
|
|
WFLY-1942
|
|
Closed |
Brian Stansberry
|
WFLY-490
Forward port core management xsd schema 1.5 from EAP
|
|
|
8.0.0.CR1 |
|
|
WFLY-1936
|
|
Closed |
Brian Stansberry
|
WFLY-490
Ensure RBAC metadata changes result in management API bump
|
|
|
8.0.0.Beta1 |
|
|
WFLY-1923
|
|
Closed |
Darran Lofthouse
|
WFLY-490
Access through unsecured management interface
|
|
|
8.0.0.Beta1 |
|
|
WFLY-1922
|
|
Closed |
Ladislav Thon
|
WFLY-490
Test rbac for jmx in the testsuite
|
|
|
8.0.0.Beta1 |
|
|
WFLY-1920
|
|
Closed |
Kabir Khan
|
WFLY-490
Access control constraints for the audit logging resources
|
|
|
8.0.0.Beta1 |
|
|
WFLY-1915
|
|
Closed |
Brian Stansberry
|
WFLY-490
Propagation of access control configuration to slave host controllers
|
|
|
8.0.0.Beta1 |
|
|
WFLY-1866
|
|
Closed |
Brian Stansberry
|
WFLY-490
More useful access control failure messages
|
|
|
|
|
|
WFLY-1858
|
|
Closed |
Tomaž Cerar (Inactive)
|
WFLY-490
Add RBAC sensitivity classification constraints to undertow subsystem
|
|
|
8.0.0.CR1 |
|
|
WFLY-1852
|
|
Closed |
Darran Lofthouse
|
WFLY-490
Populate the Subject with the required prinicpals for rbac/audit logging earlier
|
|
|
8.0.0.CR1 |
|
|
WFLY-1844
|
|
Closed |
Kabir Khan
|
WFLY-490
deep-copy-subject-mode attribute on Security Subsystem is Readable to all roles
|
|
|
8.0.0.Beta1 |
|
|
WFLY-1843
|
|
Closed |
Brian Stansberry
|
WFLY-490
Invoking :read-resource operation on Security subsystem as a role with restricted privileges causes NPE
|
|
|
8.0.0.Alpha4 |
|
|
WFLY-1838
|
|
Closed |
Kabir Khan
|
WFLY-490
Authorisation descision filtered vs. read-only
|
|
|
8.0.0.Alpha4 |
|
|
WFLY-1821
|
|
Closed |
Heiko Braun
|
WFLY-490
Update to web console 2.0.0.Final
|
|
|
8.0.0.Beta1 |
|
|
WFLY-1820
|
|
Closed |
Brian Stansberry
|
WFLY-490
Report data about what resources/attributes/ops a SensitivityClassification or ApplicationTypeConfig are applied to
|
|
|
8.0.0.Beta1 |
|
|
WFLY-1819
|
|
Closed |
Brian Stansberry
|
WFLY-490
Prevent non-core use of ApplicationTypeConfig.DEPLOYMENT
|
|
|
8.0.0.Beta1 |
|
|
WFLY-1818
|
|
Closed |
Brian Stansberry
|
WFLY-490
Allow ModelControllerClient configurations to disable the JBOSS_LOCAL_USER SASL mechanism
|
|
|
8.0.0.Alpha4 |
|
|
WFLY-1817
|
|
Closed |
Tomaž Cerar (Inactive)
|
WFLY-490
Ensure platform-mbean misc write ops require write perms
|
|
|
8.0.0.Beta1 |
|
|
WFLY-1790
|
|
Closed |
Ladislav Thon
|
WFLY-490
RBAC: HostScopedRole* operations are wrong (copy&paste from ServerGroupScopedRole*)
|
|
|
8.0.0.Final |
|
|
WFLY-1789
|
|
Closed |
Brian Stansberry
|
WFLY-490
RBAC: OperationContextImpl.readResourceForUpdate is missing an authorize call
|
|
|
8.0.0.Alpha4 |
|
|
WFLY-1788
|
|
Closed |
Ladislav Thon
|
WFLY-490
RBAC: role combination doesn't work
|
|
|
8.0.0.Final |
|
|
WFLY-1756
|
|
Closed |
Kabir Khan
|
WFLY-490
Add access-control parameter to read-operation-description operation
|
|
|
8.0.0.Beta1 |