WildFly Core / WFCORE-639

ManagementPermissionAuthorizer is limited to the standard roles for its authorizeJmxOperation impl

    Details

      Description

      ManagementPermissionAuthorizer.authorizeJmxOperation uses hard-coded decision making based on the standard 7 roles. This is inflexible and specifically doesn't allow scoped roles to function properly.

      I believe the JmxPermissionFactory interface needs to be redone to use permissions instead of role names. It should have an API more like org.jboss.as.controller.access.permission.PermissionFactory, with getUserPermissions and getRequiredPermissions. Something like

      PermissionCollection getUserPermissions(Caller caller, Environment callEnvironment, JmxAction action);

      PermissionCollection getRequiredPermissions(JmxAction action);

      Then ManagementPermissionAuthorizer.authorizeJmxOperation does a permission match check similar to what it does for management resource permissions.
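
An added sketch of the permission-match check proposed above, not code from this issue or from WildFly Core. Every type, the role table and the role name `main-group-maintainer` are hypothetical stand-ins, and giving a scoped role the permissions of its base role is an assumption made for the illustration.

```java
import java.security.*;
import java.util.*;

// Added illustration: all types below are stand-ins, not WildFly classes.
public class JmxPermissionMatchDemo {
    enum Impact { READ_ONLY, WRITE, EXTRA_SENSITIVE }  // simplified stand-in for a JMX action's impact

    // One permission per impact level a caller may exercise over JMX.
    static final class JmxPermission extends BasicPermission {
        JmxPermission(Impact impact) { super("jmx." + impact.name()); }
    }

    // Hypothetical role table. The scoped role carries the permissions of the
    // role it is based on, so the authorizer never has to recognise its name.
    static final Map<String, Set<Impact>> ROLE_IMPACTS = Map.of(
        "Monitor", EnumSet.of(Impact.READ_ONLY),
        "Maintainer", EnumSet.of(Impact.READ_ONLY, Impact.WRITE),
        "main-group-maintainer", EnumSet.of(Impact.READ_ONLY, Impact.WRITE));

    static PermissionCollection getUserPermissions(Set<String> callerRoles) {
        Permissions perms = new Permissions();
        for (String role : callerRoles)
            for (Impact impact : ROLE_IMPACTS.getOrDefault(role, Set.of()))
                perms.add(new JmxPermission(impact));
        return perms;  // unknown roles contribute nothing: deny by default
    }

    static PermissionCollection getRequiredPermissions(Impact actionImpact) {
        Permissions perms = new Permissions();
        perms.add(new JmxPermission(actionImpact));
        return perms;
    }

    // Permit only if every required permission is implied by the caller's collection.
    static boolean authorizeJmxOperation(Set<String> callerRoles, Impact actionImpact) {
        PermissionCollection user = getUserPermissions(callerRoles);
        for (Permission required : Collections.list(getRequiredPermissions(actionImpact).elements()))
            if (!user.implies(required)) return false;
        return true;
    }

    public static void main(String[] args) {
        // Scoped role is permitted without a name-based special case.
        System.out.println(authorizeJmxOperation(Set.of("main-group-maintainer"), Impact.WRITE));
        // Read-only role is denied a write action.
        System.out.println(authorizeJmxOperation(Set.of("Monitor"), Impact.WRITE));
        // A role with no mapped permissions is denied everything.
        System.out.println(authorizeJmxOperation(Set.of("unmapped-role"), Impact.READ_ONLY));
    }
}
```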

      People

      • Assignee: Emmanuel Hugonnet (ehugonnet)
      • Reporter: Brian Stansberry (brian.stansberry)