Uploaded image for project: 'Infinispan'
  1. Infinispan
  2. ISPN-4209

After creating cache with AuthorizationPermission.ALL role ISPN000287 is thrown

    XMLWordPrintable

Details

    • Bug
    • Resolution: Won't Do
    • Critical
    • None
    • 7.0.0.Alpha1, 7.0.0.Alpha2, 7.0.0.Alpha3
    • Security

    Description

      When I want to create cache with AuthorizationPermission.ALL and get Subject 

            Subject admin = getAdminSubject();
      Subject.doAs(admin, new PrivilegedExceptionAction<Void>() {
         public Void run() throws Exception {
            manager = new DefaultCacheManager(globalConfig.build());
            manager.defineConfiguration(CACHE_NAME, cacheConfig.build());
            secureCache = manager.getCache(CACHE_NAME);
            secureCache.put("predefined key", "predefined value");
            return null;
         }
      });
   }

      Then following Error is thrown

      < ERROR!
java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'Subject:
        Principal: admin@INFINISPAN.ORG
        Private Credential: Ticket (hex) =
0000: 61 81 F0 30 81 ED A0 03   02 01 05 A1 10 1B 0E 49  a..0...........I
0010: 4E 46 49 4E 49 53 50 41   4E 2E 4F 52 47 A2 23 30  NFINISPAN.ORG.#0
0020: 21 A0 03 02 01 02 A1 1A   30 18 1B 06 6B 72 62 74  !.......0...krbt
0030: 67 74 1B 0E 49 4E 46 49   4E 49 53 50 41 4E 2E 4F  gt..INFINISPAN.O
0040: 52 47 A3 81 AE 30 81 AB   A0 03 02 01 11 A2 81 A3  RG...0..........
0050: 04 81 A0 C2 86 B1 FF 0F   1D 46 15 A5 7B 10 CB 3C  .........F.....<
0060: 33 D2 34 69 80 F7 67 08   9F 0A 99 45 C5 6C 1E 6A  3.4i..g....E.l.j
0070: B7 83 C0 96 10 E7 5F 01   CA 30 08 18 4D 69 1F 16  ......_..0..Mi..
0080: CD 42 A7 F3 B9 5C 39 7A   21 80 19 21 91 CA 10 3B  .B...\9z!..!...;
0090: 52 EE 24 B2 40 D2 F8 71   32 01 D9 62 DE 2F C7 1B  R.$.@..q2..b./..
00A0: 0C A9 CE A9 3B 98 39 CF   90 C5 FF B5 C4 90 50 E5  ....;.9.......P.
00B0: A6 DD 65 FD F1 27 81 8D   46 05 3A AA 2D E4 A9 4F  ..e..'..F.:.-..O
00C0: E4 6B B1 25 AD 0D F8 00   3B BF 13 B8 1B 15 09 B9  .k.%....;.......
00D0: CE F6 4A 4B D8 11 97 4A   09 83 06 ED CB D8 1C BC  ..JK...J........
00E0: 99 6E 0F BA 35 C0 46 98   57 A3 BE 6D 6D 9E 25 E2  .n..5.F.W..mm.%.
00F0: D4 1B 1E                                           ...
Client Principal = admin@INFINISPAN.ORG
Server Principal = krbtgt/INFINISPAN.ORG@INFINISPAN.ORG
Session Key = EncryptionKey: keyType=17 keyBytes (hex dump)=
0000: 40 72 B5 B3 88 AB 48 DB   59 40 90 85 D1 76 27 E1  @r....H.Y@...v'.
Forwardable Ticket true
Forwarded Ticket false
Proxiable Ticket false
Proxy Ticket false
Postdated Ticket false
Renewable Ticket false
Initial Ticket false
Auth Time = Mon Apr 14 21:33:05 CEST 2014
Start Time = Mon Apr 14 21:33:05 CEST 2014
End Time = Tue Apr 15 21:33:05 CEST 2014
Renew Till = null
Client Addresses  Null
        Private Credential: Kerberos Principal admin@INFINISPAN.ORGKey Version 0key EncryptionKey: keyType=17 keyBytes
(hex dump)=
0000: 1F 15 6C 6B 21 66 FA 37   C0 34 44 16 D2 AB 77 09  ..lk!f.7.4D...w.
        Private Credential: Kerberos Principal admin@INFINISPAN.ORGKey Version 0key EncryptionKey: keyType=16 keyBytes
(hex dump)=
0000: C7 62 F4 0B C4 9B 08 5D   C4 AD B3 F8 13 54 6B C2  .b.....].....Tk.
0010: A1 0B 7A 6B F2 8A D5 79                            ..zk...y
        Private Credential: Kerberos Principal admin@INFINISPAN.ORGKey Version 0key EncryptionKey: keyType=23 keyBytes
(hex dump)=
0000: 4C 46 F8 52 11 0B 21 CE   E6 0F 99 AD DE DE 34 9C  LF.R..!.......4.
        Private Credential: Kerberos Principal admin@INFINISPAN.ORGKey Version 0key EncryptionKey: keyType=1 keyBytes (hex dump)=
0000: 89 FD 51 FD C7 46 13 5B                            ..Q..F.[
        Private Credential: Kerberos Principal admin@INFINISPAN.ORGKey Version 0key EncryptionKey: keyType=3 keyBytes (hex dump)=
0000: 89 FD 51 FD C7 46 13 5B                            ..Q..F.[
' lacks 'LIFECYCLE' permission
        at org.infinispan.security.impl.AuthorizationHelper.checkPermission(AuthorizationHelper.java:30)
        at org.infinispan.security.impl.AuthorizationManagerImpl.checkPermission(AuthorizationManagerImpl.java:53)
        at org.infinispan.security.impl.SecureCacheImpl.start(SecureCacheImpl.java:80)
        at org.infinispan.manager.DefaultCacheManager.wireAndStartCache(DefaultCacheManager.java:567)
        at org.infinispan.manager.DefaultCacheManager.createCache(DefaultCacheManager.java:522)
        at org.infinispan.manager.DefaultCacheManager.getCache(DefaultCacheManager.java:402)
        at org.infinispan.integration.security.embedded.AbstractAuthenticationIT$1.run(AbstractAuthenticationIT.java:94)
        at org.infinispan.integration.security.embedded.AbstractAuthenticationIT$1.run(AbstractAuthenticationIT.java:90)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:415)
        at org.infinispan.integration.security.embedded.AbstractAuthenticationIT.setupCache(AbstractAuthenticationIT.java:90)
…

      Attachments

        Activity

          People

            ttarrant@redhat.com Tristan Tarrant
            vchepeli_jira Vitalii Chepeliuk (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: