1018521 – RBAC: role-mapping are assumed to be in form of type-principal@realm in Role assignment administration

Bug 1018521 - RBAC: role-mapping are assumed to be in form of type-principal@realm in Role assignment administration

Summary: RBAC: role-mapping are assumed to be in form of type-principal@realm in Role...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	JBoss Enterprise Application Platform 6
Classification:	JBoss
Component:	Web Console
Sub Component:
Version:	6.2.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	urgent
Target Milestone:	ER7
Target Release:	---
Assignee:	Heiko Braun
QA Contact:	Jakub Cechacek
Docs Contact:	Russell Dickenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-10-12 21:11 UTC by Jakub Cechacek
Modified:	2015-02-01 23:00 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2013-12-15 16:19:49 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	HAL-272	0	Major	Resolved	RBAC: role-mapping are assumed to be in form of type-principal@realm in Role assignment administration	2013-11-21 19:31:17 UTC

Description Jakub Cechacek 2013-10-12 21:11:24 UTC

Console assumes that all role-mappings names are in form of type-principal@realm (e.g. user-someuser@SomeRealm or group-somegroup@SomeRealm). Consequently it is not possible to manage role mappings created through other management interfaces and named differently.  

Steps to reproduce:

1) create role mapping
/core-service=management/access=authorization/role-mapping=MONITOR:add()
/core-service=management/access=authorization/role-mapping=MONITOR/include=monitor:add(name=monitor, type=user, realm=ManagementRealm)

2) Navigate to Administration - Role Assignment 
3) Try to remove role assignments for user monitor 

Expected result: role-mappings for user monitor are removed
Actual result: Error message (Unable to remove...) due to different naming than expected.

Comment 1 JBoss JIRA Server 2013-10-13 21:09:16 UTC

Harald Pehl <hpehl> made a comment on jira HAL-272

Fixed the wrong addressing "type-principal@realm". Mappings created through other management interfaces like the CLI are honored now. 

However there's still one open issue: When creating a role-mapping through the CLI using a non-formal role name like "MONITOR", the role name is used as is in the persistent configuration (instead the formal role name "Monitor"). This causes the problems described above. In other words the fix is only valid if formal role names are used in all management interfaces.

Comment 2 JBoss JIRA Server 2013-10-14 10:25:52 UTC

Harald Pehl <hpehl> updated the status of jira HAL-272 to Resolved

Comment 3 Harald Pehl 2013-10-29 13:51:10 UTC

Fixed in HAL 2.0.5.Final

Comment 4 Jakub Cechacek 2013-10-31 14:03:33 UTC

Verified 6.2.0.ER7

Note You need to log in before you can comment on or make changes to this bug.