Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-430

Update the whoami operation to output additional information when called with verbose=true

    XMLWordPrintable

Details

    • Task
    • Resolution: Done
    • Critical
    • 8.0.0.Beta1
    • None
    • CLI, Security
    • None

    Description

      I need to review if this is feasible but there are a number of reports coming in where end users believe their server is not secured because our local / silent mechanism is working so quietly.

      Initially this issue was to just output the authentication mechanism used however with the addition of access control to WildFly 8 there is additional information that will be useful: -

      • Authentication Mechanism
      • Current role membership (May need to take into account the address i.e. what roles do I have at this address)
      • Additional items that may be used in an authorization decision? e.g. Confidential connection, time, address of client (verify a local connection does appear local)

      Anything else that is included in the audit?
      Could some of these attributes in a response be considered sensitive? Return everything except the sensitive ones.

      Attachments

        Issue Links

          blocks

          Sub-task - The sub-task of the issue HAL-136 Retrieve actual roles as part of the bootstrap process

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved
          is blocked by

          Bug - A problem that impairs or prevents the functions of the product. WFLY-1907 The whoami operation is not usable with the JMX integration.

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              darran.lofthouse@redhat.com Darran Lofthouse
              darran.lofthouse@redhat.com Darran Lofthouse
              Votes:
              2 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: