[
https://issues.jboss.org/browse/ISPN-4451?page=com.atlassian.jira.plugin....
]
Vojtech Juranek commented on ISPN-4451:
---------------------------------------
For the record: failing test was wrong as it used non-exiting caches and default cache
wasn't configured with security turned on, therefore newly created cache also
didn't use any security checks.
Missing ACCESS right
--------------------
Key: ISPN-4451
URL:
https://issues.jboss.org/browse/ISPN-4451
Project: Infinispan
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Security
Reporter: Vojtech Juranek
Assignee: Tristan Tarrant
When security is turned on ({{cacheConfig.security().authorization().enable()}}), any
user can obtain/create a cache, even unauthorized users. This should be allowed only for
users with right {{ACCESS}}. This right is actually not present in
{{AuthorizationPermission}}.
--
This message was sent by Atlassian JIRA
(v6.2.6#6264)