[
https://issues.jboss.org/browse/ISPN-4451?page=com.atlassian.jira.plugin....
]
Vojtech Juranek commented on ISPN-4451:
---------------------------------------
I was able to create new cache with any user, no matter if it has {{LIFECYCLE}} permission
or not, so IMHO it's critical. Once it requires {{LIFECYCLE}} permission, {{ACCESS}}
is IMHO not very important (or the issue is definitely not critical).
Missing ACCESS right
--------------------
Key: ISPN-4451
URL:
https://issues.jboss.org/browse/ISPN-4451
Project: Infinispan
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Security
Reporter: Vojtech Juranek
Assignee: Tristan Tarrant
When security is turned on ({{cacheConfig.security().authorization().enable()}}), any
user can obtain/create a cache, even unauthorized users. This should be allowed only for
users with right {{ACCESS}}. This right is actually not present in
{{AuthorizationPermission}}.
--
This message was sent by Atlassian JIRA
(v6.2.6#6264)