[infinispan-issues] [JBoss JIRA] (ISPN-4451) Missing ACCESS right

Sat Jun 28 10:52:24 EDT 2014

    [ https://issues.jboss.org/browse/ISPN-4451?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12980100#comment-12980100 ] 

Tristan Tarrant commented on ISPN-4451:
---------------------------------------

I'm going to check about the LIFECYCLE permission on starting a cache, and maybe add a check for any permission on the getCache() (i.e. anything greater than NONE)

> Missing ACCESS right
> --------------------
>
>                 Key: ISPN-4451
>                 URL: https://issues.jboss.org/browse/ISPN-4451
>             Project: Infinispan
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Security
>            Reporter: Vojtech Juranek
>            Assignee: Tristan Tarrant
>
> When security is turned on ({{cacheConfig.security().authorization().enable()}}), any user can obtain/create a cache, even unauthorized users. This should be allowed only for users with right {{ACCESS}}. This right is actually not present in {{AuthorizationPermission}}.

--
This message was sent by Atlassian JIRA
(v6.2.6#6264)