[
https://issues.jboss.org/browse/ISPN-4451?page=com.atlassian.jira.plugin....
]
Tristan Tarrant commented on ISPN-4451:
---------------------------------------
Starting a cache (i.e. invoking getCache() on an unstarted cache) is only allowed if the
Subject has LIFECYCLE permission. Once a cache has been started, subsequent getCache()
invocations don't check permissions. However, invoking any operation on the returned
cache requires a permission, so the SecureCache is useless without a valid permission.
We could introduce an ACCESS permission which forbids a getCache() op on a started cache,
but I don't see this as critical.
Missing ACCESS right
--------------------
Key: ISPN-4451
URL: https://issues.jboss.org/browse/ISPN-4451
Project: Infinispan
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Security
Reporter: Vojtech Juranek
Assignee: Tristan Tarrant
When security is turned on ({{cacheConfig.security().authorization().enable()}}), any
user can obtain/create a cache, even unauthorized users. This should be allowed only for
users with right {{ACCESS}}. This right is actually not present in
{{AuthorizationPermission}}.
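The behaviour discussed in this issue can be checked with a small embedded-mode program. This is an added example, not code from the issue or from the Infinispan project; it assumes the Infinispan 7.x embedded API (including the `org.infinispan.security.impl` package for `IdentityRoleMapper`), and the role names `admin`/`guest` and the cache name `secured` are constructed for illustration.

```java
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Collections;
import javax.security.auth.Subject;
import org.infinispan.Cache;
import org.infinispan.configuration.cache.ConfigurationBuilder;
import org.infinispan.configuration.global.GlobalConfigurationBuilder;
import org.infinispan.manager.DefaultCacheManager;
import org.infinispan.manager.EmbeddedCacheManager;
import org.infinispan.security.AuthorizationPermission;
import org.infinispan.security.Security;
import org.infinispan.security.impl.IdentityRoleMapper; // package location assumed (7.x)

public class GetCacheAuthzDemo {
    // Constructed subjects: IdentityRoleMapper uses the principal name as the role name.
    static Subject subject(String name) {
        Principal p = () -> name;
        return new Subject(true, Collections.singleton(p), Collections.emptySet(), Collections.emptySet());
    }
    public static void main(String[] args) {
        Subject admin = subject("admin"); // mapped to a role holding ALL (includes LIFECYCLE)
        Subject guest = subject("guest"); // no matching role, so no permissions at all
        GlobalConfigurationBuilder global = new GlobalConfigurationBuilder();
        global.security().authorization().enable()
              .principalRoleMapper(new IdentityRoleMapper())
              .role("admin").permission(AuthorizationPermission.ALL);
        ConfigurationBuilder cacheConfig = new ConfigurationBuilder();
        cacheConfig.security().authorization().enable().role("admin");
        // Setup and the first getCache() run as admin: starting a cache needs LIFECYCLE.
        EmbeddedCacheManager cm = Security.doAs(admin, (PrivilegedAction<EmbeddedCacheManager>) () -> {
            EmbeddedCacheManager m = new DefaultCacheManager(global.build());
            m.defineConfiguration("secured", cacheConfig.build());
            m.getCache("secured").put("k", "v");
            return m;
        });

        // As guest: per the comment above, getCache() on the started cache is not checked,
        // but the operation on the returned SecureCache is, so the read should be refused.
        String outcome = Security.doAs(guest, (PrivilegedAction<String>) () -> {
            try {
                Cache<String, String> c = cm.getCache("secured");
                return "read allowed: " + c.get("k");
            } catch (SecurityException e) {
                return "denied: " + e.getMessage(); // message names the missing permission
            }
        });
        System.out.println(outcome);
        Security.doAs(admin, (PrivilegedAction<Void>) () -> { cm.stop(); return null; });
    }
}
```

A regression test for a deployment can assert that the guest path ends in the `denied` branch, and can repeat the check against an unstarted cache to confirm that `LIFECYCLE` is enforced on first access.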