Uploaded image for project: 'Infinispan'
  1. Infinispan
  2. ISPN-4209

After creating cache with AuthorizationPermission.ALL role ISPN000287 is thrown

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Critical
    • Resolution: Won't Fix
    • Affects Version/s: 7.0.0.Alpha1, 7.0.0.Alpha2, 7.0.0.Alpha3
    • Fix Version/s: None
    • Component/s: Security
    • Labels:

      Description

      When I want to create cache with AuthorizationPermission.ALL and get Subject

            Subject admin = getAdminSubject();
            Subject.doAs(admin, new PrivilegedExceptionAction<Void>() {
               public Void run() throws Exception {
                  manager = new DefaultCacheManager(globalConfig.build());
                  manager.defineConfiguration(CACHE_NAME, cacheConfig.build());
                  secureCache = manager.getCache(CACHE_NAME);
                  secureCache.put("predefined key", "predefined value");
                  return null;
               }
            });
         }
      

      Then following Error is thrown

      < ERROR!
      java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'Subject:
              Principal: admin@INFINISPAN.ORG
              Private Credential: Ticket (hex) =
      0000: 61 81 F0 30 81 ED A0 03   02 01 05 A1 10 1B 0E 49  a..0...........I
      0010: 4E 46 49 4E 49 53 50 41   4E 2E 4F 52 47 A2 23 30  NFINISPAN.ORG.#0
      0020: 21 A0 03 02 01 02 A1 1A   30 18 1B 06 6B 72 62 74  !.......0...krbt
      0030: 67 74 1B 0E 49 4E 46 49   4E 49 53 50 41 4E 2E 4F  gt..INFINISPAN.O
      0040: 52 47 A3 81 AE 30 81 AB   A0 03 02 01 11 A2 81 A3  RG...0..........
      0050: 04 81 A0 C2 86 B1 FF 0F   1D 46 15 A5 7B 10 CB 3C  .........F.....<
      0060: 33 D2 34 69 80 F7 67 08   9F 0A 99 45 C5 6C 1E 6A  3.4i..g....E.l.j
      0070: B7 83 C0 96 10 E7 5F 01   CA 30 08 18 4D 69 1F 16  ......_..0..Mi..
      0080: CD 42 A7 F3 B9 5C 39 7A   21 80 19 21 91 CA 10 3B  .B...\9z!..!...;
      0090: 52 EE 24 B2 40 D2 F8 71   32 01 D9 62 DE 2F C7 1B  R.$.@..q2..b./..
      00A0: 0C A9 CE A9 3B 98 39 CF   90 C5 FF B5 C4 90 50 E5  ....;.9.......P.
      00B0: A6 DD 65 FD F1 27 81 8D   46 05 3A AA 2D E4 A9 4F  ..e..'..F.:.-..O
      00C0: E4 6B B1 25 AD 0D F8 00   3B BF 13 B8 1B 15 09 B9  .k.%....;.......
      00D0: CE F6 4A 4B D8 11 97 4A   09 83 06 ED CB D8 1C BC  ..JK...J........
      00E0: 99 6E 0F BA 35 C0 46 98   57 A3 BE 6D 6D 9E 25 E2  .n..5.F.W..mm.%.
      00F0: D4 1B 1E                                           ...
      Client Principal = admin@INFINISPAN.ORG
      Server Principal = krbtgt/INFINISPAN.ORG@INFINISPAN.ORG
      Session Key = EncryptionKey: keyType=17 keyBytes (hex dump)=
      0000: 40 72 B5 B3 88 AB 48 DB   59 40 90 85 D1 76 27 E1  @r....H.Y@...v'.
      Forwardable Ticket true
      Forwarded Ticket false
      Proxiable Ticket false
      Proxy Ticket false
      Postdated Ticket false
      Renewable Ticket false
      Initial Ticket false
      Auth Time = Mon Apr 14 21:33:05 CEST 2014
      Start Time = Mon Apr 14 21:33:05 CEST 2014
      End Time = Tue Apr 15 21:33:05 CEST 2014
      Renew Till = null
      Client Addresses  Null
              Private Credential: Kerberos Principal admin@INFINISPAN.ORGKey Version 0key EncryptionKey: keyType=17 keyBytes
      (hex dump)=
      0000: 1F 15 6C 6B 21 66 FA 37   C0 34 44 16 D2 AB 77 09  ..lk!f.7.4D...w.
              Private Credential: Kerberos Principal admin@INFINISPAN.ORGKey Version 0key EncryptionKey: keyType=16 keyBytes
      (hex dump)=
      0000: C7 62 F4 0B C4 9B 08 5D   C4 AD B3 F8 13 54 6B C2  .b.....].....Tk.
      0010: A1 0B 7A 6B F2 8A D5 79                            ..zk...y
              Private Credential: Kerberos Principal admin@INFINISPAN.ORGKey Version 0key EncryptionKey: keyType=23 keyBytes
      (hex dump)=
      0000: 4C 46 F8 52 11 0B 21 CE   E6 0F 99 AD DE DE 34 9C  LF.R..!.......4.
              Private Credential: Kerberos Principal admin@INFINISPAN.ORGKey Version 0key EncryptionKey: keyType=1 keyBytes (hex dump)=
      0000: 89 FD 51 FD C7 46 13 5B                            ..Q..F.[
              Private Credential: Kerberos Principal admin@INFINISPAN.ORGKey Version 0key EncryptionKey: keyType=3 keyBytes (hex dump)=
      0000: 89 FD 51 FD C7 46 13 5B                            ..Q..F.[
      ' lacks 'LIFECYCLE' permission
              at org.infinispan.security.impl.AuthorizationHelper.checkPermission(AuthorizationHelper.java:30)
              at org.infinispan.security.impl.AuthorizationManagerImpl.checkPermission(AuthorizationManagerImpl.java:53)
              at org.infinispan.security.impl.SecureCacheImpl.start(SecureCacheImpl.java:80)
              at org.infinispan.manager.DefaultCacheManager.wireAndStartCache(DefaultCacheManager.java:567)
              at org.infinispan.manager.DefaultCacheManager.createCache(DefaultCacheManager.java:522)
              at org.infinispan.manager.DefaultCacheManager.getCache(DefaultCacheManager.java:402)
              at org.infinispan.integration.security.embedded.AbstractAuthenticationIT$1.run(AbstractAuthenticationIT.java:94)
              at org.infinispan.integration.security.embedded.AbstractAuthenticationIT$1.run(AbstractAuthenticationIT.java:90)
              at java.security.AccessController.doPrivileged(Native Method)
              at javax.security.auth.Subject.doAs(Subject.java:415)
              at org.infinispan.integration.security.embedded.AbstractAuthenticationIT.setupCache(AbstractAuthenticationIT.java:90)
      …
      

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                NadirX Tristan Tarrant
                Reporter:
                vchepeli Vitalii Chepeliuk
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: