[infinispan-issues] [JBoss JIRA] (ISPN-4451) Missing ACCESS right

Fri Jun 27 12:34:24 EDT 2014

    [ https://issues.jboss.org/browse/ISPN-4451?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12980027#comment-12980027 ] 

Vojtech Juranek commented on ISPN-4451:
---------------------------------------

I was able to create new cache with any user, no matter if it has {{LIFECYCLE}} permission or not, so IMHO it's critical. Once it requires {{LIFECYCLE}} permission, {{ACCESS}} is IMHO not very important (or the issue is definitely not critical).

> Missing ACCESS right
> --------------------
>
>                 Key: ISPN-4451
>                 URL: https://issues.jboss.org/browse/ISPN-4451
>             Project: Infinispan
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Security
>            Reporter: Vojtech Juranek
>            Assignee: Tristan Tarrant
>
> When security is turned on ({{cacheConfig.security().authorization().enable()}}), any user can obtain/create a cache, even unauthorized users. This should be allowed only for users with right {{ACCESS}}. This right is actually not present in {{AuthorizationPermission}}.

--
This message was sent by Atlassian JIRA
(v6.2.6#6264)