[infinispan-issues] [JBoss JIRA] (ISPN-4209) After creating cache with AuthorizationPermission.ALL role ISPN000287 is thrown
Vitalii Chepeliuk (JIRA)
issues at jboss.org
Wed May 7 04:38:58 EDT 2014
[ https://issues.jboss.org/browse/ISPN-4209?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vitalii Chepeliuk closed ISPN-4209.
-----------------------------------
Resolution: Won't Fix
This is EAP related issue. Close it.
> After creating cache with AuthorizationPermission.ALL role ISPN000287 is thrown
> -------------------------------------------------------------------------------
>
> Key: ISPN-4209
> URL: https://issues.jboss.org/browse/ISPN-4209
> Project: Infinispan
> Issue Type: Bug
> Components: Security
> Affects Versions: 7.0.0.Alpha1, 7.0.0.Alpha2, 7.0.0.Alpha3
> Environment: WildFly-8.0.0.Final
> Reporter: Vitalii Chepeliuk
> Assignee: Tristan Tarrant
> Priority: Critical
> Labels: 630
>
> When I want to create cache with AuthorizationPermission.ALL and get Subject
> {code}
> Subject admin = getAdminSubject();
> Subject.doAs(admin, new PrivilegedExceptionAction<Void>() {
> public Void run() throws Exception {
> manager = new DefaultCacheManager(globalConfig.build());
> manager.defineConfiguration(CACHE_NAME, cacheConfig.build());
> secureCache = manager.getCache(CACHE_NAME);
> secureCache.put("predefined key", "predefined value");
> return null;
> }
> });
> }
> {code}
> Then following Error is thrown
> {noformat}
> < ERROR!
> java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'Subject:
> Principal: admin at INFINISPAN.ORG
> Private Credential: Ticket (hex) =
> 0000: 61 81 F0 30 81 ED A0 03 02 01 05 A1 10 1B 0E 49 a..0...........I
> 0010: 4E 46 49 4E 49 53 50 41 4E 2E 4F 52 47 A2 23 30 NFINISPAN.ORG.#0
> 0020: 21 A0 03 02 01 02 A1 1A 30 18 1B 06 6B 72 62 74 !.......0...krbt
> 0030: 67 74 1B 0E 49 4E 46 49 4E 49 53 50 41 4E 2E 4F gt..INFINISPAN.O
> 0040: 52 47 A3 81 AE 30 81 AB A0 03 02 01 11 A2 81 A3 RG...0..........
> 0050: 04 81 A0 C2 86 B1 FF 0F 1D 46 15 A5 7B 10 CB 3C .........F.....<
> 0060: 33 D2 34 69 80 F7 67 08 9F 0A 99 45 C5 6C 1E 6A 3.4i..g....E.l.j
> 0070: B7 83 C0 96 10 E7 5F 01 CA 30 08 18 4D 69 1F 16 ......_..0..Mi..
> 0080: CD 42 A7 F3 B9 5C 39 7A 21 80 19 21 91 CA 10 3B .B...\9z!..!...;
> 0090: 52 EE 24 B2 40 D2 F8 71 32 01 D9 62 DE 2F C7 1B R.$. at ..q2..b./..
> 00A0: 0C A9 CE A9 3B 98 39 CF 90 C5 FF B5 C4 90 50 E5 ....;.9.......P.
> 00B0: A6 DD 65 FD F1 27 81 8D 46 05 3A AA 2D E4 A9 4F ..e..'..F.:.-..O
> 00C0: E4 6B B1 25 AD 0D F8 00 3B BF 13 B8 1B 15 09 B9 .k.%....;.......
> 00D0: CE F6 4A 4B D8 11 97 4A 09 83 06 ED CB D8 1C BC ..JK...J........
> 00E0: 99 6E 0F BA 35 C0 46 98 57 A3 BE 6D 6D 9E 25 E2 .n..5.F.W..mm.%.
> 00F0: D4 1B 1E ...
> Client Principal = admin at INFINISPAN.ORG
> Server Principal = krbtgt/INFINISPAN.ORG at INFINISPAN.ORG
> Session Key = EncryptionKey: keyType=17 keyBytes (hex dump)=
> 0000: 40 72 B5 B3 88 AB 48 DB 59 40 90 85 D1 76 27 E1 @r....H.Y at ...v'.
> Forwardable Ticket true
> Forwarded Ticket false
> Proxiable Ticket false
> Proxy Ticket false
> Postdated Ticket false
> Renewable Ticket false
> Initial Ticket false
> Auth Time = Mon Apr 14 21:33:05 CEST 2014
> Start Time = Mon Apr 14 21:33:05 CEST 2014
> End Time = Tue Apr 15 21:33:05 CEST 2014
> Renew Till = null
> Client Addresses Null
> Private Credential: Kerberos Principal admin at INFINISPAN.ORGKey Version 0key EncryptionKey: keyType=17 keyBytes
> (hex dump)=
> 0000: 1F 15 6C 6B 21 66 FA 37 C0 34 44 16 D2 AB 77 09 ..lk!f.7.4D...w.
> Private Credential: Kerberos Principal admin at INFINISPAN.ORGKey Version 0key EncryptionKey: keyType=16 keyBytes
> (hex dump)=
> 0000: C7 62 F4 0B C4 9B 08 5D C4 AD B3 F8 13 54 6B C2 .b.....].....Tk.
> 0010: A1 0B 7A 6B F2 8A D5 79 ..zk...y
> Private Credential: Kerberos Principal admin at INFINISPAN.ORGKey Version 0key EncryptionKey: keyType=23 keyBytes
> (hex dump)=
> 0000: 4C 46 F8 52 11 0B 21 CE E6 0F 99 AD DE DE 34 9C LF.R..!.......4.
> Private Credential: Kerberos Principal admin at INFINISPAN.ORGKey Version 0key EncryptionKey: keyType=1 keyBytes (hex dump)=
> 0000: 89 FD 51 FD C7 46 13 5B ..Q..F.[
> Private Credential: Kerberos Principal admin at INFINISPAN.ORGKey Version 0key EncryptionKey: keyType=3 keyBytes (hex dump)=
> 0000: 89 FD 51 FD C7 46 13 5B ..Q..F.[
> ' lacks 'LIFECYCLE' permission
> at org.infinispan.security.impl.AuthorizationHelper.checkPermission(AuthorizationHelper.java:30)
> at org.infinispan.security.impl.AuthorizationManagerImpl.checkPermission(AuthorizationManagerImpl.java:53)
> at org.infinispan.security.impl.SecureCacheImpl.start(SecureCacheImpl.java:80)
> at org.infinispan.manager.DefaultCacheManager.wireAndStartCache(DefaultCacheManager.java:567)
> at org.infinispan.manager.DefaultCacheManager.createCache(DefaultCacheManager.java:522)
> at org.infinispan.manager.DefaultCacheManager.getCache(DefaultCacheManager.java:402)
> at org.infinispan.integration.security.embedded.AbstractAuthenticationIT$1.run(AbstractAuthenticationIT.java:94)
> at org.infinispan.integration.security.embedded.AbstractAuthenticationIT$1.run(AbstractAuthenticationIT.java:90)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:415)
> at org.infinispan.integration.security.embedded.AbstractAuthenticationIT.setupCache(AbstractAuthenticationIT.java:90)
> …
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.2.3#6260)
More information about the infinispan-issues
mailing list