Details
- Bug
- Resolution: Done
- Major
- jboss-fuse-6.2.1
- None
Description
While trying to define the roles allowed to access the hawtio console as documented in http://hawt.io/configuration/index.html, it was found that a single role works, whereas a setup with multiple roles, separated by commas, does not work:
OK: <property name="hawtio.role" value="admin" />
FAIL: <property name="hawtio.roles" value="admin,viewer" />
DEBUG level logging shows that the role value is not split:
14:40:41,593 DEBUG [io.hawt.system.Authenticator] (http-/127.0.0.1:8080-1) Checking principal Roles(members:admin,hawt,weiler) if it is a Jboss specific SimpleGroup containing group info
14:40:41,593 DEBUG [io.hawt.system.Authenticator] (http-/127.0.0.1:8080-1) Matching Jboss EAP group name admin to required role admin,viewer
While the roles are split in the general checkIfSubjectHasRequiredRole method:
https://github.com/hawtio/hawtio/blob/master/hawtio-system/src/main/java/io/hawt/system/Authenticator.java#L175
https://github.com/hawtio/hawtio/blob/master/hawtio-system/src/main/java/io/hawt/system/Authenticator.java#L294
the same split logic is missing in the WebSphere/EAP specific methods:
Issue Links
- is cloned by ENTESB-5629 Authenticator.checkIfSubjectHasRequiredRoleOnWebsphere method is missing logic to handle multiple roles (Closed)
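The report's point, that a comma-separated role value must be split before it is compared with each group name, shown as an added Java example that is not hawtio's own code. The class and method names are hypothetical, the sample groups are copied from the DEBUG log in the description, and denying access when the role list is empty is an assumption of this example.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;

// Hypothetical demo class; not part of hawtio.
public class RoleSplitDemo {

    // Behaviour visible in the DEBUG log: the configured value is compared
    // as one string, so group "admin" never equals "admin,viewer".
    static boolean matchesUnsplit(List<String> groups, String configured) {
        return groups.contains(configured);
    }

    // Split on commas, trim whitespace, drop empty entries, then accept the
    // subject if it holds any one of the resulting roles (exact match only).
    static boolean matchesAnyRole(List<String> groups, String configured) {
        if (configured == null) {
            return false; // assumption of this example: fail closed
        }
        Set<String> required = Arrays.stream(configured.split(","))
                .map(String::trim)
                .filter(r -> !r.isEmpty())
                .collect(Collectors.toSet());
        return groups.stream().anyMatch(required::contains);
    }

    public static void main(String[] args) {
        // Constructed sample: group names taken from the log in the report.
        List<String> groups = Arrays.asList("admin", "hawt", "weiler");

        System.out.println(matchesUnsplit(groups, "admin"));          // true
        System.out.println(matchesUnsplit(groups, "admin,viewer"));   // false: the reported failure
        System.out.println(matchesAnyRole(groups, "admin,viewer"));   // true
        System.out.println(matchesAnyRole(groups, "viewer , admin")); // true: whitespace tolerated

        // A substring test would be the wrong fix: "adm" must not satisfy "admin".
        System.out.println(matchesAnyRole(Arrays.asList("adm"), "admin,viewer")); // false
        // Empty or separator-only values grant nothing.
        System.out.println(matchesAnyRole(groups, " , "));            // false
    }
}
```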