[infinispan-issues] [JBoss JIRA] (ISPN-9599) DefaultCacheManager.getGlobalComponentRegistry should require ADMIN permission
Pedro Zapata Fernandez (Jira)
issues at jboss.org
Tue Dec 10 04:17:26 EST 2019
[ https://issues.redhat.com/browse/ISPN-9599?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pedro Zapata Fernandez updated ISPN-9599:
-----------------------------------------
Sprint: Sprint 10.0.0.Alpha1, Sprint 10.0.0.Alpha2, Sprint 10.0.0.Alpha0, Sprint 10.0.0.Beta1, DataGrid Sprint #31, DataGrid Sprint #32, DataGrid Sprint #33, DataGrid Sprint #34, DataGrid Sprint #35, DataGrid Sprint #36, DataGrid Sprint #37, DataGrid Sprint #38 (was: Sprint 10.0.0.Alpha1, Sprint 10.0.0.Alpha2, Sprint 10.0.0.Alpha0, Sprint 10.0.0.Beta1, DataGrid Sprint #31, DataGrid Sprint #32, DataGrid Sprint #33, DataGrid Sprint #34, DataGrid Sprint #35, DataGrid Sprint #36, DataGrid Sprint #37)
> DefaultCacheManager.getGlobalComponentRegistry should require ADMIN permission
> ------------------------------------------------------------------------------
>
> Key: ISPN-9599
> URL: https://issues.redhat.com/browse/ISPN-9599
> Project: Infinispan
> Issue Type: Bug
> Components: Core
> Affects Versions: 9.3.3.Final, 9.4.0.Final
> Reporter: Dan Berindei
> Assignee: Dan Berindei
> Priority: Major
> Fix For: 10.0.0.Final, 9.4.17.Final
>
>
> {{DefaultCacheManager.getGlobalComponentRegistry()}} allows invoking any component without additional permission checks, so it needs ADMIN permission.
> {{DefaultCacheManager.getCacheManagerConfiguration()}} also allows access to some internal components, so it also needs ADMIN permission.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the infinispan-issues
mailing list