A user who is not assigned to any role in JON is able to log in, but doesn't see any platform and its access is really limited. JON integration with an LDAP could bring hundreds of users and all of them will be able to log in to JON. Admins would like to block the users without roles from logging in. 'Enabled Login' is not enough since admins need to wait for the user to log in to add the LDAP user entry into the JON database, and then change the 'Enabled Login' value to false.
branch: master
link: https://github.com/rhq-project/rhq/commit/2d64ae7ab
time: 2014-05-13 15:39:35 +0200
commit: 2d64ae7abedfd1ae973db55967fefad9e9e51a3d
author: Jirka Kremser - jkremser
message: [BZ 1070277] - (JON3-39) JON should (be able to) block login to a user without roles
Adding a flag into system settings that will indicate if it is allowed to log in without any assigned RHQ role. Our current RBAC implementation luckily protects the user from performing any server-side calls, but she is still able to see alert and metric templates, download and install agent, etc. If the flag (Enable Login Without Roles) is set to true everything is as before this change. Otherwise, the user is not let into the application. For security reasons there is no difference between invalid credentials and valid credentials together with no assigned role. It defaults to false. NOTE: It does not apply only for LDAP users but for all users, because it should be consistent for both JDBC and LDAP users.
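The gate this commit message describes, as an added Java sketch that is not RHQ's code: the class, method and message names and the sample users are hypothetical. Every refusal looks the same to the caller, while the server log keeps the real reason for the administrator.

```java
import java.util.Map;
import java.util.Set;
import java.util.function.BiPredicate;
import java.util.function.Function;
import java.util.logging.Logger;

// Hypothetical sketch: none of these names are taken from the RHQ code base.
public class LoginGate {
    private static final Logger LOG = Logger.getLogger("LoginGate");

    // One exception type and one message for every refusal.
    static class LoginFailedException extends Exception {
        LoginFailedException() { super("Login failed"); }
    }

    private final BiPredicate<String, String> credentialCheck; // JDBC or LDAP backend
    private final Function<String, Set<String>> rolesOf;       // roles assigned to a user
    private final boolean loginWithoutRolesEnabled;            // the system setting

    LoginGate(BiPredicate<String, String> credentialCheck,
              Function<String, Set<String>> rolesOf, boolean loginWithoutRolesEnabled) {
        this.credentialCheck = credentialCheck;
        this.rolesOf = rolesOf;
        this.loginWithoutRolesEnabled = loginWithoutRolesEnabled;
    }

    void login(String user, String password) throws LoginFailedException {
        boolean credentialsOk = credentialCheck.test(user, password);
        boolean roleOk = loginWithoutRolesEnabled || !rolesOf.apply(user).isEmpty();
        if (!credentialsOk || !roleOk) {
            // The real reason goes to the server log only, never to the caller.
            LOG.warning("login refused: " + (credentialsOk ? "no role assigned" : "bad credentials"));
            throw new LoginFailedException();
        }
    }

    public static void main(String[] args) {
        // Constructed sample data: alice has a role, bob has none.
        Map<String, String> passwords = Map.of("alice", "pw-a", "bob", "pw-b");
        Map<String, Set<String>> roles = Map.of("alice", Set.of("operator"), "bob", Set.of());
        for (boolean flag : new boolean[] {true, false}) {
            LoginGate gate = new LoginGate((u, p) -> p.equals(passwords.get(u)),
                    u -> roles.getOrDefault(u, Set.of()), flag);
            for (String[] a : new String[][] {{"alice", "pw-a"}, {"bob", "pw-b"}, {"bob", "wrong"}}) {
                String result = "ok";
                try { gate.login(a[0], a[1]); } catch (LoginFailedException e) { result = e.getMessage(); }
                System.out.println("flag=" + flag + " " + a[0] + " -> " + result);
            }
        }
    }
}
```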
Heiko Rupp <hrupp> updated the status of jira JON3-39 to Resolved
Moving to ON_QA as available to test with brew build of DR01: https://brewweb.devel.redhat.com//buildinfo?buildID=373993
taking QA contact.
mfoley user <mfoley> updated the status of jira JON3-39 to Reopened
Jirka, just set this to MODIFIED when you do the same for Bug 1133947. It's basically a tracker from what I can see.
branch: master
link: https://github.com/rhq-project/rhq/commit/4df0d7f41
time: 2014-09-22 18:57:49 +0200
commit: 4df0d7f411da1a03604e49c6b9d0117965616ca8
author: Jirka Kremser - jkremser
message: [BZ 1070277] - (JON3-39) JON should (be able to) block login to a user without roles - Changing the default of the property to true, i.e. enabling the login for user without roles by default.
branch: release/jon3.3.x
link: https://github.com/rhq-project/rhq/commit/19bfe3af3
time: 2014-09-25 17:03:21 +0200
commit: 19bfe3af34c894a69dfe69fae7729177e367e2c6
author: Jirka Kremser - jkremser
message: [BZ 1070277] - (JON3-39) JON should (be able to) block login to a user without roles - Changing the default of the property to true, i.e. enabling the login for user without roles by default.
(cherry picked from commit 4df0d7f411da1a03604e49c6b9d0117965616ca8)
Signed-off-by: Jirka Kremser <jkremser>
branch: release/jon3.3.x
link: https://github.com/rhq-project/rhq/commit/78d2e8e1c
time: 2014-09-25 17:17:46 +0200
commit: 78d2e8e1cbd082fdf5796dca9cced4d43e880ab8
author: Jirka Kremser - jkremser
message: [BZ 1070277] - (JON3-39) JON should (be able to) block login to a user without roles - adding it to the db-upgrade.xml also using lower case in sysconfig-data.xml
(cherry picked from commit 74f4240ea865308b7dea9aa025fd0574423f52ac)
Signed-off-by: Jirka Kremser <jkremser>
Moving to ON_QA as available for test with build: https://brewweb.devel.redhat.com/buildinfo?buildID=388959
Based on ...
1) this BZ being closed: https://bugzilla.redhat.com/show_bug.cgi?id=1150586
2) https://tcms.engineering.redhat.com/run/166675/?from_plan=14350
GSS ... please review item #1, and re-open if needed.
Based on #1, #2 ...JON 3-39 is "Test Complete"
mfoley user <mfoley> updated the status of jira JON3-39 to Resolved
(In reply to Mike Foley from comment #21)
> Based on ...
>
> 1) this BZ being closed: https://bugzilla.redhat.com/show_bug.cgi?id=1150586
> 2) https://tcms.engineering.redhat.com/run/166675/?from_plan=14350
>
> GSS ... please review item #1, and re-open if needed.
>
> Based on #1, #2 ...JON 3-39 is "Test Complete"
I have re-opened bug 1150586 as the requirement clearly states that the warning should occur on the first attempt. Without such a warning or any feedback, the login screen appears broken and this becomes a usability issue.
Jirka Kremser <jkremser> updated the status of jira JON3-39 to Resolved