[infinispan-issues] [JBoss JIRA] (ISPN-9599) DefaultCacheManager.getGlobalComponentRegistry should require ADMIN permission
Tristan Tarrant (Jira)
issues at jboss.org
Fri Nov 22 04:59:23 EST 2019
[ https://issues.jboss.org/browse/ISPN-9599?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tristan Tarrant updated ISPN-9599:
----------------------------------
Sprint: Sprint 10.0.0.Alpha1, Sprint 10.0.0.Alpha2, Sprint 10.0.0.Alpha0, Sprint 10.0.0.Beta1, DataGrid Sprint #31, DataGrid Sprint #32, DataGrid Sprint #33, DataGrid Sprint #34, DataGrid Sprint #35, DataGrid Sprint #36, DataGrid Sprint #37 (was: Sprint 10.0.0.Alpha1, Sprint 10.0.0.Alpha2, Sprint 10.0.0.Alpha0, Sprint 10.0.0.Beta1, DataGrid Sprint #31, DataGrid Sprint #32, DataGrid Sprint #33, DataGrid Sprint #34, DataGrid Sprint #35, DataGrid Sprint #36)
> DefaultCacheManager.getGlobalComponentRegistry should require ADMIN permission
> ------------------------------------------------------------------------------
>
> Key: ISPN-9599
> URL: https://issues.jboss.org/browse/ISPN-9599
> Project: Infinispan
> Issue Type: Bug
> Components: Core
> Affects Versions: 9.3.3.Final, 9.4.0.Final
> Reporter: dan.berindei
> Assignee: dan.berindei
> Priority: Major
> Fix For: 10.0.0.Final, 9.4.17.Final
>
>
> {{DefaultCacheManager.getGlobalComponentRegistry()}} allows invoking any component without additional permission checks, so it needs ADMIN permission.
> {{DefaultCacheManager.getCacheManagerConfiguration()}} also allows access to some internal components, so it also needs ADMIN permission.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the infinispan-issues
mailing list