[ https://issues.apache.org/jira/browse/KARAF-4439?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jean-Baptiste Onofré updated KARAF-4439: ---------------------------------------- Fix Version/s: (was: 4.0.6) 4.0.7 > Prevent user authentication (shell & JMX) if he doesn't have role > ----------------------------------------------------------------- > > Key: KARAF-4439 > URL: https://issues.apache.org/jira/browse/KARAF-4439 > Project: Karaf > Issue Type: Bug > Components: karaf-management, karaf-security, karaf-shell > Reporter: Jean-Baptiste Onofré > Assignee: Jean-Baptiste Onofré > Priority: Critical > Fix For: 4.1.0, 4.0.7 > > > Right now, if an user doesn't have any role defined, he can logon and perform > "non" critical operations (the "critical" operation). > We should define a minimum role required for login and prevent users access > if they don't have the minimum role (before the ACL). -- This message was sent by Atlassian JIRA (v6.3.4#6332)