  1. WildFly
  2. WFLY-8974

RBAC: access-constraints are missing for attributes which reference Elytron capabilities.


Details

    • Bug
    • Resolution: Done
    • Critical
    • 11.0.0.Beta1
    • 11.0.0.Alpha1
    • Management, Security
    • None

    Description

      According to RFE EAP7-548, an access-constraint must be set wherever Elytron capabilities are referenced.
      6 places were found where the access-constraint is missing.

      /subsystem=undertow:read-resource-description(recursive=true)
      

      There is http-invoker, attribute http-authentication-factory, with the org.wildfly.security.http-authentication-factory capability.

      /subsystem=datasources:read-resource-description(recursive=true)
      

      There is xa-data-source, attribute recovery-authentication-context, with the org.wildfly.security.authentication-context capability.

      /subsystem=ejb3:read-resource-description(recursive=true)
      

      There is identity, attribute outflow-security-domains, with the org.wildfly.security.security-domain capability.

      /core-service=management/management-interface=http-interface:read-resource-description(recursive=true)
      

      There is sasl-authentication-factory with the org.wildfly.security.sasl-authentication-factory capability.

      /deployment=test:read-resource-description(recursive=true)
      

      There is xa-data-source, attribute recovery-authentication-context, with the org.wildfly.security.authentication-context capability,
      and there is the same problem in the subdeployment resource too.
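
One way to automate the check described above, as an added example that is not WildFly's own code: a Python walker over the JSON form of a `read-resource-description(recursive=true)` result (for example as returned by the HTTP management API) that lists attributes whose `capability-reference` is an Elytron capability but which carry no `access-constraints`. The function name, the `SAMPLE` document and the constraint name inside it are constructed for illustration.

```python
ELYTRON_PREFIX = "org.wildfly.security."


def find_unconstrained(desc, path=""):
    """Return (resource path, attribute, capability) for each attribute that
    references an Elytron capability and declares no access-constraints."""
    findings = []
    for name, attr in (desc.get("attributes") or {}).items():
        cap = attr.get("capability-reference") or ""
        if cap.startswith(ELYTRON_PREFIX) and not attr.get("access-constraints"):
            findings.append((path or "/", name, cap))
    # Child descriptions nest as: children -> <type> -> model-description -> <name>.
    # model-description is undefined when the operation was not run recursively.
    for ctype, child in (desc.get("children") or {}).items():
        for cname, model in (child.get("model-description") or {}).items():
            if isinstance(model, dict):
                findings += find_unconstrained(model, f"{path}/{ctype}={cname}")
    return findings


# Constructed sample, trimmed to the keys the check reads. The first attribute
# mirrors the gap reported for http-invoker; the second shows an attribute that
# already carries a constraint (constraint name is an illustrative value).
SAMPLE = {
    "attributes": {},
    "children": {
        "setting": {"model-description": {"http-invoker": {
            "attributes": {
                "http-authentication-factory": {
                    "capability-reference":
                        "org.wildfly.security.http-authentication-factory"},
                "path": {"type": "STRING"},
            },
            "children": {},
        }}},
        "xa-data-source": {"model-description": {"*": {
            "attributes": {
                "recovery-authentication-context": {
                    "capability-reference":
                        "org.wildfly.security.authentication-context",
                    "access-constraints": {
                        "sensitive": {"authentication-client-ref": {"type": "core"}}},
                },
            },
            "children": {},
        }}},
    },
}

if __name__ == "__main__":
    for resource, attribute, capability in find_unconstrained(SAMPLE):
        print(f"{resource}: {attribute} -> {capability} has no access-constraints")
```
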

          People

            sguilhen Stefan Guilhen