February 2016 - infinispan-issues

[JBoss JIRA] (ISPN-6261) CLI fails on secured caches

by Vojtech Juranek (JIRA)

Vojtech Juranek created ISPN-6261: ------------------------------------- Summary: CLI fails on secured caches Key: ISPN-6261 URL: https://issues.jboss.org/browse/ISPN-6261 Project: Infinispan Issue Type: Bug Components: CLI, Security Reporter: Vojtech Juranek Assignee: Vojtech Juranek When running CLI on secured caches, it fails with exception bellow. This exception is quite confusing, as user has properly defined ADMIN permission on given cache. What is actually happening is that some operation, like statistics, called by CLI, iterates over all defined caches, including internal caches, and user hasn't required permission on all these caches (in this case on internal script cache) {noformat} 00:04:23,563 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0013: Operation ("read-attribute") failed - address: ([ ("subsystem" => "datagrid-infinispan"), ("cache-container" => "local") ]): java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'Subject with principal(s): [user@ManagementRealm, admin@ManagementRealm, admin, org.jboss.remoting3.security.UserPrincipal@36ebcb, InetAddressPrincipal <127.0.0.1/127.0.0.1>, InetAddressPrincipal <127.0.0.1/127.0.0.1>]' lacks 'ADMIN' permission at org.infinispan.security.impl.AuthorizationHelper.checkPermission(AuthorizationHelper.java:86) at org.infinispan.security.impl.AuthorizationManagerImpl.checkPermission(AuthorizationManagerImpl.java:37) at org.infinispan.security.impl.SecureCacheImpl.getStats(SecureCacheImpl.java:567) at org.infinispan.stats.impl.CacheContainerStatsImpl.calculateAverageRemoveTime(CacheContainerStatsImpl.java:131) at org.infinispan.stats.impl.CacheContainerStatsImpl.getAverageRemoveTime(CacheContainerStatsImpl.java:121) at org.jboss.as.clustering.infinispan.subsystem.CacheContainerMetricsHandler.executeRuntimeStep(CacheContainerMetricsHandler.java:196) at org.jboss.as.controller.AbstractRuntimeOnlyHandler$1.execute(AbstractRuntimeOnlyHandler.java:53) {noformat} -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 1 month

1
0
0 / 0

[JBoss JIRA] (ISPN-5876) Pre-commit cache invalidation creates stale cache vulnerability

by RH Bugzilla Integration (JIRA)

[ https://issues.jboss.org/browse/ISPN-5876?page=com.atlassian.jira.plugin.... ] RH Bugzilla Integration commented on ISPN-5876: ----------------------------------------------- Vladimir Dosoudil <dosoudil(a)redhat.com> changed the Status of [bug 1273147|https://bugzilla.redhat.com/show_bug.cgi?id=1273147] from MODIFIED to ON_QA > Pre-commit cache invalidation creates stale cache vulnerability > --------------------------------------------------------------- > > Key: ISPN-5876 > URL: https://issues.jboss.org/browse/ISPN-5876 > Project: Infinispan > Issue Type: Bug > Components: Transactions > Affects Versions: 5.2.7.Final > Reporter: Stephen Fikes > Assignee: Galder Zamarreño > Fix For: 5.2.15.Final, 8.1.0.Beta1, 8.1.0.Final > > > In a cluster where Infinispan serves as the level 2 cache for Hibernate (configured for invalidation), because invalidation requests for modified entities are sent *before* database commit, it is possible for nodes receiving the invalidation request to perform eviction and then (due to "local" read requests) reload the evicted entities prior to the time the database commit takes place in the server where the entity was modified. > Consequently, other servers in the cluster may contain data that remains stale until a subsequent change in another server or until the entity times out from lack of use. > It isn't easy to write a testcase for this - it required manual intervention to reproduce - but can be seen with any entity class, cluster, etc. (at least using Oracle - results may vary with specific databases) so I've not attached a testcase. The issue can be seen/understood by code inspection (i.e. the timing of invalidation vs. database commit). That said, my test consisted of a two node cluster and I used Byteman rules to delay database commit of a change to an entity (with an optimistic version property) long enough in "server 1" for eviction to complete and a subsequent re-read (by a worker thread on behalf of an EJB) to take place in "server 2". Following the re-read in "server 2", I the database commit proceeds in "server 1" and "server 2" now has a stale copy of the entity in cache. > One option is pessimistic locking which will block any read attempt until the DB commit completes. It is not feasible, however, for many applications to use pessimistic locking for all reads as this can have a severe impact on concurrency - and is the reason for using optimistic version control. But due to the early timing of invalidation broadcast (*before* database commit, while the data is not yet stale), optimistic locking is insufficient to guard against "permanently" stale data. We did see that some databases default to blocking repeatable reads even outside of transactions and without explicit lock requests. Oracle does not provide such a mode. So, all reads must be implemented to use pessimistic locks (which must be enclosed in explicit transactions - (b)locking reads are disallowed when autocommit=true in Oracle) and this could require significant effort (re-writes) to use pessimistic reads throughout - in addition to the performance issues this can introduce. > If broadcast of an invalidation message always occurs *after* database commit, optimistic control attributes are sufficient to block attempts to write stale data and though a few failures may occur (as they would in a single server with multiple active threads), it can be known that the stale data will be removed in some finite period. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 1 month

1
0
0 / 0

[JBoss JIRA] (ISPN-6259) CacheManager getCacheNames includes configuration names

by Tristan Tarrant (JIRA)

[ https://issues.jboss.org/browse/ISPN-6259?page=com.atlassian.jira.plugin.... ] Tristan Tarrant updated ISPN-6259: ---------------------------------- Status: Open (was: New) > CacheManager getCacheNames includes configuration names > ------------------------------------------------------- > > Key: ISPN-6259 > URL: https://issues.jboss.org/browse/ISPN-6259 > Project: Infinispan > Issue Type: Bug > Reporter: Tristan Tarrant > Fix For: 8.2.0.Final > > > The DefaultCacheManager#getCacheNames() returns a list of names which includes both caches and bare configurations. The latter should be excluded and preferably some additional methods added to return defined configurations -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 1 month

1
0
0 / 0

[JBoss JIRA] (ISPN-6259) CacheManager getCacheNames includes configuration names

by Tristan Tarrant (JIRA)

[ https://issues.jboss.org/browse/ISPN-6259?page=com.atlassian.jira.plugin.... ] Tristan Tarrant reassigned ISPN-6259: ------------------------------------- Assignee: Tristan Tarrant > CacheManager getCacheNames includes configuration names > ------------------------------------------------------- > > Key: ISPN-6259 > URL: https://issues.jboss.org/browse/ISPN-6259 > Project: Infinispan > Issue Type: Bug > Reporter: Tristan Tarrant > Assignee: Tristan Tarrant > Fix For: 8.2.0.Final > > > The DefaultCacheManager#getCacheNames() returns a list of names which includes both caches and bare configurations. The latter should be excluded and preferably some additional methods added to return defined configurations -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 1 month

1
0
0 / 0

[JBoss JIRA] (ISPN-6259) CacheManager getCacheNames includes configuration names

by Tristan Tarrant (JIRA)

[ https://issues.jboss.org/browse/ISPN-6259?page=com.atlassian.jira.plugin.... ] Tristan Tarrant updated ISPN-6259: ---------------------------------- Status: Pull Request Sent (was: Open) Git Pull Request: https://github.com/infinispan/infinispan/pull/4036 > CacheManager getCacheNames includes configuration names > ------------------------------------------------------- > > Key: ISPN-6259 > URL: https://issues.jboss.org/browse/ISPN-6259 > Project: Infinispan > Issue Type: Bug > Reporter: Tristan Tarrant > Assignee: Tristan Tarrant > Fix For: 8.2.0.Final > > > The DefaultCacheManager#getCacheNames() returns a list of names which includes both caches and bare configurations. The latter should be excluded and preferably some additional methods added to return defined configurations -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 1 month

1
0
0 / 0

[JBoss JIRA] (ISPN-6259) CacheManager getCacheNames includes configuration names

by Tristan Tarrant (JIRA)

[ https://issues.jboss.org/browse/ISPN-6259?page=com.atlassian.jira.plugin.... ] Tristan Tarrant updated ISPN-6259: ---------------------------------- Fix Version/s: 8.2.0.Final > CacheManager getCacheNames includes configuration names > ------------------------------------------------------- > > Key: ISPN-6259 > URL: https://issues.jboss.org/browse/ISPN-6259 > Project: Infinispan > Issue Type: Bug > Reporter: Tristan Tarrant > Assignee: Tristan Tarrant > Fix For: 8.2.0.Final > > > The DefaultCacheManager#getCacheNames() returns a list of names which includes both caches and bare configurations. The latter should be excluded and preferably some additional methods added to return defined configurations -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 1 month

1
0
0 / 0

[JBoss JIRA] (ISPN-6260) Default domain configuration should include example templates

by Tristan Tarrant (JIRA)

[ https://issues.jboss.org/browse/ISPN-6260?page=com.atlassian.jira.plugin.... ] Tristan Tarrant updated ISPN-6260: ---------------------------------- Status: Open (was: New) > Default domain configuration should include example templates > ------------------------------------------------------------- > > Key: ISPN-6260 > URL: https://issues.jboss.org/browse/ISPN-6260 > Project: Infinispan > Issue Type: Task > Components: Server > Reporter: Tristan Tarrant > Assignee: Tristan Tarrant > Fix For: 8.2.0.Final > > > The default domain configuration should include some example templates for various cache stores, indexes, transactions, eviction, etc -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 1 month

1
0
0 / 0

[JBoss JIRA] (ISPN-6260) Default domain configuration should include example templates

by Tristan Tarrant (JIRA)

[ https://issues.jboss.org/browse/ISPN-6260?page=com.atlassian.jira.plugin.... ] Tristan Tarrant updated ISPN-6260: ---------------------------------- Status: Pull Request Sent (was: Open) Git Pull Request: https://github.com/infinispan/infinispan/pull/4036 > Default domain configuration should include example templates > ------------------------------------------------------------- > > Key: ISPN-6260 > URL: https://issues.jboss.org/browse/ISPN-6260 > Project: Infinispan > Issue Type: Task > Components: Server > Reporter: Tristan Tarrant > Assignee: Tristan Tarrant > Fix For: 8.2.0.Final > > > The default domain configuration should include some example templates for various cache stores, indexes, transactions, eviction, etc -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 1 month

1
0
0 / 0

[JBoss JIRA] (ISPN-6260) Default domain configuration should include example templates

by Tristan Tarrant (JIRA)

Tristan Tarrant created ISPN-6260: ------------------------------------- Summary: Default domain configuration should include example templates Key: ISPN-6260 URL: https://issues.jboss.org/browse/ISPN-6260 Project: Infinispan Issue Type: Task Components: Server Reporter: Tristan Tarrant Assignee: Tristan Tarrant Fix For: 8.2.0.Final The default domain configuration should include some example templates for various cache stores, indexes, transactions, eviction, etc -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 1 month

1
0
0 / 0

[JBoss JIRA] (ISPN-5966) Management console requires to log in again after page refresh

by Vladimir Blagojevic (JIRA)

[ https://issues.jboss.org/browse/ISPN-5966?page=com.atlassian.jira.plugin.... ] Vladimir Blagojevic resolved ISPN-5966. --------------------------------------- Release Notes Text: Resolved with https://github.com/infinispan/infinispan-management-console/pull/56 Fix Version/s: 8.2.0.Final Resolution: Done > Management console requires to log in again after page refresh > -------------------------------------------------------------- > > Key: ISPN-5966 > URL: https://issues.jboss.org/browse/ISPN-5966 > Project: Infinispan > Issue Type: Bug > Components: Console > Affects Versions: 8.1.0.Beta1 > Reporter: Jiří Holuša > Assignee: Vladimir Blagojevic > Fix For: 8.2.0.Final > > > When working with management console, for example when looking at cache statistics, if I want to reload the page to see the newest values, aka doing refresh in browser (F5), the management console redirects me to login page and forces me to log in again. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 1 month

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

infinispan-issues February 2016