[JBoss JIRA] (ISPN-4209) After creating cache with AuthorizationPermission.ALL role ISPN000287 is thrown

Wednesday, 7 May 2014

     [
https://issues.jboss.org/browse/ISPN-4209?page=com.atlassian.jira.plugin....
]

Vitalii Chepeliuk closed ISPN-4209.
-----------------------------------

    Resolution: Won't Fix

This is EAP related issue. Close it. 

...
 After creating cache with AuthorizationPermission.ALL role ISPN000287
is thrown
 -------------------------------------------------------------------------------

                 Key: ISPN-4209
                 URL: https://issues.jboss.org/browse/ISPN-4209
             Project: Infinispan
          Issue Type: Bug
          Components: Security
    Affects Versions: 7.0.0.Alpha1, 7.0.0.Alpha2, 7.0.0.Alpha3
         Environment: WildFly-8.0.0.Final
            Reporter: Vitalii Chepeliuk
            Assignee: Tristan Tarrant
            Priority: Critical
              Labels: 630

 When I want to create cache with  AuthorizationPermission.ALL and get Subject 
 {code}
       Subject admin = getAdminSubject();
       Subject.doAs(admin, new PrivilegedExceptionAction<Void>() {
          public Void run() throws Exception {
             manager = new DefaultCacheManager(globalConfig.build());
             manager.defineConfiguration(CACHE_NAME, cacheConfig.build());
             secureCache = manager.getCache(CACHE_NAME);
             secureCache.put("predefined key", "predefined value");
             return null;
          }
       });
    }
 {code}
 Then following Error is thrown
 {noformat}
 < ERROR!
 java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'Subject:
         Principal: admin(a)INFINISPAN.ORG
         Private Credential: Ticket (hex) =
 0000: 61 81 F0 30 81 ED A0 03   02 01 05 A1 10 1B 0E 49  a..0...........I
 0010: 4E 46 49 4E 49 53 50 41   4E 2E 4F 52 47 A2 23 30  NFINISPAN.ORG.#0
 0020: 21 A0 03 02 01 02 A1 1A   30 18 1B 06 6B 72 62 74  !.......0...krbt
 0030: 67 74 1B 0E 49 4E 46 49   4E 49 53 50 41 4E 2E 4F  gt..INFINISPAN.O
 0040: 52 47 A3 81 AE 30 81 AB   A0 03 02 01 11 A2 81 A3  RG...0..........
 0050: 04 81 A0 C2 86 B1 FF 0F   1D 46 15 A5 7B 10 CB 3C  .........F.....<
 0060: 33 D2 34 69 80 F7 67 08   9F 0A 99 45 C5 6C 1E 6A  3.4i..g....E.l.j
 0070: B7 83 C0 96 10 E7 5F 01   CA 30 08 18 4D 69 1F 16  ......_..0..Mi..
 0080: CD 42 A7 F3 B9 5C 39 7A   21 80 19 21 91 CA 10 3B  .B...\9z!..!...;
 0090: 52 EE 24 B2 40 D2 F8 71   32 01 D9 62 DE 2F C7 1B  R.$.@..q2..b./..
 00A0: 0C A9 CE A9 3B 98 39 CF   90 C5 FF B5 C4 90 50 E5  ....;.9.......P.
 00B0: A6 DD 65 FD F1 27 81 8D   46 05 3A AA 2D E4 A9 4F  ..e..'..F.:.-..O
 00C0: E4 6B B1 25 AD 0D F8 00   3B BF 13 B8 1B 15 09 B9  .k.%....;.......
 00D0: CE F6 4A 4B D8 11 97 4A   09 83 06 ED CB D8 1C BC  ..JK...J........
 00E0: 99 6E 0F BA 35 C0 46 98   57 A3 BE 6D 6D 9E 25 E2  .n..5.F.W..mm.%.
 00F0: D4 1B 1E                                           ...
 Client Principal = admin(a)INFINISPAN.ORG
 Server Principal = krbtgt/INFINISPAN.ORG(a)INFINISPAN.ORG
 Session Key = EncryptionKey: keyType=17 keyBytes (hex dump)=
 0000: 40 72 B5 B3 88 AB 48 DB   59 40 90 85 D1 76 27 E1  @r....H.Y@...v'.
 Forwardable Ticket true
 Forwarded Ticket false
 Proxiable Ticket false
 Proxy Ticket false
 Postdated Ticket false
 Renewable Ticket false
 Initial Ticket false
 Auth Time = Mon Apr 14 21:33:05 CEST 2014
 Start Time = Mon Apr 14 21:33:05 CEST 2014
 End Time = Tue Apr 15 21:33:05 CEST 2014
 Renew Till = null
 Client Addresses  Null
         Private Credential: Kerberos Principal admin(a)INFINISPAN.ORGKey Version 0key
EncryptionKey: keyType=17 keyBytes
 (hex dump)=
 0000: 1F 15 6C 6B 21 66 FA 37   C0 34 44 16 D2 AB 77 09  ..lk!f.7.4D...w.
         Private Credential: Kerberos Principal admin(a)INFINISPAN.ORGKey Version 0key
EncryptionKey: keyType=16 keyBytes
 (hex dump)=
 0000: C7 62 F4 0B C4 9B 08 5D   C4 AD B3 F8 13 54 6B C2  .b.....].....Tk.
 0010: A1 0B 7A 6B F2 8A D5 79                            ..zk...y
         Private Credential: Kerberos Principal admin(a)INFINISPAN.ORGKey Version 0key
EncryptionKey: keyType=23 keyBytes
 (hex dump)=
 0000: 4C 46 F8 52 11 0B 21 CE   E6 0F 99 AD DE DE 34 9C  LF.R..!.......4.
         Private Credential: Kerberos Principal admin(a)INFINISPAN.ORGKey Version 0key
EncryptionKey: keyType=1 keyBytes (hex dump)=
 0000: 89 FD 51 FD C7 46 13 5B                            ..Q..F.[
         Private Credential: Kerberos Principal admin(a)INFINISPAN.ORGKey Version 0key
EncryptionKey: keyType=3 keyBytes (hex dump)=
 0000: 89 FD 51 FD C7 46 13 5B                            ..Q..F.[
 ' lacks 'LIFECYCLE' permission
         at
org.infinispan.security.impl.AuthorizationHelper.checkPermission(AuthorizationHelper.java:30)
         at
org.infinispan.security.impl.AuthorizationManagerImpl.checkPermission(AuthorizationManagerImpl.java:53)
         at org.infinispan.security.impl.SecureCacheImpl.start(SecureCacheImpl.java:80)
         at
org.infinispan.manager.DefaultCacheManager.wireAndStartCache(DefaultCacheManager.java:567)
         at
org.infinispan.manager.DefaultCacheManager.createCache(DefaultCacheManager.java:522)
         at
org.infinispan.manager.DefaultCacheManager.getCache(DefaultCacheManager.java:402)
         at
org.infinispan.integration.security.embedded.AbstractAuthenticationIT$1.run(AbstractAuthenticationIT.java:94)
         at
org.infinispan.integration.security.embedded.AbstractAuthenticationIT$1.run(AbstractAuthenticationIT.java:90)
         at java.security.AccessController.doPrivileged(Native Method)
         at javax.security.auth.Subject.doAs(Subject.java:415)
         at
org.infinispan.integration.security.embedded.AbstractAuthenticationIT.setupCache(AbstractAuthenticationIT.java:90)
 …
 {noformat} 

--
This message was sent by Atlassian JIRA
(v6.2.3#6260)

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009