]
Vitalii Chepeliuk closed ISPN-4209.
-----------------------------------
Resolution: Won't Fix
This is EAP related issue. Close it.
After creating cache with AuthorizationPermission.ALL role ISPN000287
is thrown
-------------------------------------------------------------------------------
Key: ISPN-4209
URL:
https://issues.jboss.org/browse/ISPN-4209
Project: Infinispan
Issue Type: Bug
Components: Security
Affects Versions: 7.0.0.Alpha1, 7.0.0.Alpha2, 7.0.0.Alpha3
Environment: WildFly-8.0.0.Final
Reporter: Vitalii Chepeliuk
Assignee: Tristan Tarrant
Priority: Critical
Labels: 630
When I want to create cache with AuthorizationPermission.ALL and get Subject
{code}
Subject admin = getAdminSubject();
Subject.doAs(admin, new PrivilegedExceptionAction<Void>() {
public Void run() throws Exception {
manager = new DefaultCacheManager(globalConfig.build());
manager.defineConfiguration(CACHE_NAME, cacheConfig.build());
secureCache = manager.getCache(CACHE_NAME);
secureCache.put("predefined key", "predefined value");
return null;
}
});
}
{code}
Then following Error is thrown
{noformat}
< ERROR!
java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'Subject:
Principal: admin(a)INFINISPAN.ORG
Private Credential: Ticket (hex) =
0000: 61 81 F0 30 81 ED A0 03 02 01 05 A1 10 1B 0E 49 a..0...........I
0010: 4E 46 49 4E 49 53 50 41 4E 2E 4F 52 47 A2 23 30 NFINISPAN.ORG.#0
0020: 21 A0 03 02 01 02 A1 1A 30 18 1B 06 6B 72 62 74 !.......0...krbt
0030: 67 74 1B 0E 49 4E 46 49 4E 49 53 50 41 4E 2E 4F gt..INFINISPAN.O
0040: 52 47 A3 81 AE 30 81 AB A0 03 02 01 11 A2 81 A3 RG...0..........
0050: 04 81 A0 C2 86 B1 FF 0F 1D 46 15 A5 7B 10 CB 3C .........F.....<
0060: 33 D2 34 69 80 F7 67 08 9F 0A 99 45 C5 6C 1E 6A 3.4i..g....E.l.j
0070: B7 83 C0 96 10 E7 5F 01 CA 30 08 18 4D 69 1F 16 ......_..0..Mi..
0080: CD 42 A7 F3 B9 5C 39 7A 21 80 19 21 91 CA 10 3B .B...\9z!..!...;
0090: 52 EE 24 B2 40 D2 F8 71 32 01 D9 62 DE 2F C7 1B R.$.@..q2..b./..
00A0: 0C A9 CE A9 3B 98 39 CF 90 C5 FF B5 C4 90 50 E5 ....;.9.......P.
00B0: A6 DD 65 FD F1 27 81 8D 46 05 3A AA 2D E4 A9 4F ..e..'..F.:.-..O
00C0: E4 6B B1 25 AD 0D F8 00 3B BF 13 B8 1B 15 09 B9 .k.%....;.......
00D0: CE F6 4A 4B D8 11 97 4A 09 83 06 ED CB D8 1C BC ..JK...J........
00E0: 99 6E 0F BA 35 C0 46 98 57 A3 BE 6D 6D 9E 25 E2 .n..5.F.W..mm.%.
00F0: D4 1B 1E ...
Client Principal = admin(a)INFINISPAN.ORG
Server Principal = krbtgt/INFINISPAN.ORG(a)INFINISPAN.ORG
Session Key = EncryptionKey: keyType=17 keyBytes (hex dump)=
0000: 40 72 B5 B3 88 AB 48 DB 59 40 90 85 D1 76 27 E1 @r....H.Y@...v'.
Forwardable Ticket true
Forwarded Ticket false
Proxiable Ticket false
Proxy Ticket false
Postdated Ticket false
Renewable Ticket false
Initial Ticket false
Auth Time = Mon Apr 14 21:33:05 CEST 2014
Start Time = Mon Apr 14 21:33:05 CEST 2014
End Time = Tue Apr 15 21:33:05 CEST 2014
Renew Till = null
Client Addresses Null
Private Credential: Kerberos Principal admin(a)INFINISPAN.ORGKey Version 0key
EncryptionKey: keyType=17 keyBytes
(hex dump)=
0000: 1F 15 6C 6B 21 66 FA 37 C0 34 44 16 D2 AB 77 09 ..lk!f.7.4D...w.
Private Credential: Kerberos Principal admin(a)INFINISPAN.ORGKey Version 0key
EncryptionKey: keyType=16 keyBytes
(hex dump)=
0000: C7 62 F4 0B C4 9B 08 5D C4 AD B3 F8 13 54 6B C2 .b.....].....Tk.
0010: A1 0B 7A 6B F2 8A D5 79 ..zk...y
Private Credential: Kerberos Principal admin(a)INFINISPAN.ORGKey Version 0key
EncryptionKey: keyType=23 keyBytes
(hex dump)=
0000: 4C 46 F8 52 11 0B 21 CE E6 0F 99 AD DE DE 34 9C LF.R..!.......4.
Private Credential: Kerberos Principal admin(a)INFINISPAN.ORGKey Version 0key
EncryptionKey: keyType=1 keyBytes (hex dump)=
0000: 89 FD 51 FD C7 46 13 5B ..Q..F.[
Private Credential: Kerberos Principal admin(a)INFINISPAN.ORGKey Version 0key
EncryptionKey: keyType=3 keyBytes (hex dump)=
0000: 89 FD 51 FD C7 46 13 5B ..Q..F.[
' lacks 'LIFECYCLE' permission
at
org.infinispan.security.impl.AuthorizationHelper.checkPermission(AuthorizationHelper.java:30)
at
org.infinispan.security.impl.AuthorizationManagerImpl.checkPermission(AuthorizationManagerImpl.java:53)
at org.infinispan.security.impl.SecureCacheImpl.start(SecureCacheImpl.java:80)
at
org.infinispan.manager.DefaultCacheManager.wireAndStartCache(DefaultCacheManager.java:567)
at
org.infinispan.manager.DefaultCacheManager.createCache(DefaultCacheManager.java:522)
at
org.infinispan.manager.DefaultCacheManager.getCache(DefaultCacheManager.java:402)
at
org.infinispan.integration.security.embedded.AbstractAuthenticationIT$1.run(AbstractAuthenticationIT.java:94)
at
org.infinispan.integration.security.embedded.AbstractAuthenticationIT$1.run(AbstractAuthenticationIT.java:90)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:415)
at
org.infinispan.integration.security.embedded.AbstractAuthenticationIT.setupCache(AbstractAuthenticationIT.java:90)
…
{noformat}