[
https://issues.jboss.org/browse/ISPN-4451?page=com.atlassian.jira.plugin....
]
Tristan Tarrant commented on ISPN-4451:
---------------------------------------
I'm going to check about the LIFECYCLE permission on starting a cache, and maybe add a
check for any permission on the getCache() (i.e. anything greater than NONE)
Missing ACCESS right
--------------------
Key: ISPN-4451
URL:
https://issues.jboss.org/browse/ISPN-4451
Project: Infinispan
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Security
Reporter: Vojtech Juranek
Assignee: Tristan Tarrant
When security is turned on ({{cacheConfig.security().authorization().enable()}}), any
user can obtain/create a cache, even unauthorized users. This should be allowed only for
users with right {{ACCESS}}. This right is actually not present in
{{AuthorizationPermission}}.
--
This message was sent by Atlassian JIRA
(v6.2.6#6264)