Galder Zamarreño updated ISPN-4306:
-----------------------------------
Status: Resolved (was: Pull Request Sent)
Fix Version/s: 7.0.0.Beta1
Resolution: Done
HR client auth over kerberos has wrong AccessControlContext
-----------------------------------------------------------
Key: ISPN-4306
URL: https://issues.jboss.org/browse/ISPN-4306
Project: Infinispan
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Test Suite - Server
Reporter: Vojtech Juranek
Assignee: Tristan Tarrant
Fix For: 7.0.0.Beta1
When a HotRod client authenticates to the HR server via Kerberos, the HR server obtains the wrong
{{AccessControlContext}}, which doesn't contain the appropriate subject (to be more clear,
it's in [AuthorizationManagerImpl.checkPermission()|https://github.com/infinispan/...]).
The returned subject is {{null}} and, moreover, this default {{AccessControlContext}} allows
anything to be done, so effectively the HR client can do anything, no matter what the
permissions are.
It needs to be mentioned that in this case the Java {{SecurityManager}} is turned off, but as the
same setup works with e.g. MD5 auth, we should keep some consistency: either it shouldn't work
in any case (and a {{SecurityManager}} being turned on should be a hard requirement for ISPN
auth to work), or it should also work in the case of krb auth.
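The failure mode above (a permission check that reads the subject from the current {{AccessControlContext}} and finds {{null}}) as an added, self-contained Java illustration; it is not Infinispan code and the check method, principal class and user name are constructed stand-ins. It assumes a JDK where {{Subject.getSubject(AccessControlContext)}} is still supported (JDK 8 to 22) and runs with no {{SecurityManager}}, as in the report.

```java
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Collections;
import javax.security.auth.Subject;

public class SubjectPropagationDemo {

    // Constructed principal standing in for the Kerberos-authenticated identity.
    static final class SimplePrincipal implements Principal {
        private final String name;
        SimplePrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public String toString() { return name; }
    }

    // Hypothetical stand-in for the server-side permission check: it performs the
    // same lookup the report describes, reading the Subject bound to the current
    // AccessControlContext. If the authenticated call was never wrapped in
    // Subject.doAs, this lookup yields null.
    static String checkPermission() {
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject == null) {
            // Treating a missing subject as "unrestricted" is the bug; the safe
            // default for a permission check is to deny.
            return "DENY: no subject in AccessControlContext";
        }
        return "ALLOW for principals " + subject.getPrincipals();
    }

    public static void main(String[] args) {
        Subject authenticated = new Subject(true,
                Collections.singleton(new SimplePrincipal("user@EXAMPLE.COM")),
                Collections.emptySet(), Collections.emptySet());

        // Outside Subject.doAs the context carries no subject, which is the
        // situation the report observes for the Kerberos path.
        System.out.println("without doAs: " + checkPermission());

        // Inside Subject.doAs the subject is attached to the AccessControlContext
        // that the check inspects, so the principals are visible to it.
        String result = Subject.doAs(authenticated,
                (PrivilegedAction<String>) SubjectPropagationDemo::checkPermission);
        System.out.println("with doAs:    " + result);
    }
}
```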