Bug 1038397
Summary: | Role Based Access Control (RBAC) does not work with Java Security Manager (JSM) enabled | ||
---|---|---|---|
Product: | [JBoss] JBoss Enterprise Application Platform 6 | Reporter: | David Jorm <djorm> |
Component: | Domain Management | Assignee: | Scott Mumford <smumford> |
Status: | CLOSED NOTABUG | QA Contact: | Russell Dickenson <rdickens> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 6.2.0 | CC: | dandread, lthon, mjc, smumford |
Target Milestone: | GA | Keywords: | Reopened |
Target Release: | EAP 6.3.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
When JBoss EAP 6 was run with the Java Security Manager enabled, the Role-Based Access-Control system was effectively disabled because in this situation all authenticated users were treated as SuperUsers. The only way to use Role-Based Access-Control was without the Java Security Manager enabled.
This issue was fixed in this release by making all access to the current `AccessControlContext` happen outside of the privileged action. As a result, Role-Based Access-Control is now still effective when enabling the Java Security Manager.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2015-02-23 01:36:41 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1036618, 1040480 |
Description
David Jorm
2013-12-05 04:10:41 UTC
*** Bug 1035231 has been marked as a duplicate of this bug. *** |