[JBoss JIRA] (ISPN-375) Enable Hot Rod clients to start transactions
by Tristan Tarrant (JIRA)
[ https://issues.jboss.org/browse/ISPN-375?page=com.atlassian.jira.plugin.s... ]
Tristan Tarrant updated ISPN-375:
---------------------------------
Sprint: 9.1.0.Beta1
> Enable Hot Rod clients to start transactions
> --------------------------------------------
>
> Key: ISPN-375
> URL: https://issues.jboss.org/browse/ISPN-375
> Project: Infinispan
> Issue Type: Feature Request
> Components: Remote Protocols
> Reporter: Galder Zamarreño
> Assignee: Pedro Ruivo
> Priority: Blocker
> Labels: hackathon
>
> It might be useful to allow Hot Rod clients to start transactions within Hot Rod servers. The possibility of clients participating in the actual transaction, i.e. being an XAResource, should not be imposed since this might be less than trivial to achieve in non-Java environments. The alternative would be to allow clients to start Hot Rod server local transactions only.
> This would require enhancing Hot Rod spec to have some begin/commit/rollback commands that return a tx id, and for clients to be able to send this id as part of each command that should participate in the transaction.
> Pitfalls to avoid include avoiding a transaction to be propagated over several Hot Rod servers. IOW, to simplify things, if a tx is started in server A, all ops within that tx should be directed to tx. Load balancing could still happen but would need to be tx sticky.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
6 years, 12 months
[JBoss JIRA] (ISPN-5218) Add batching to the AdvancedCacheWriter interface
by Tristan Tarrant (JIRA)
[ https://issues.jboss.org/browse/ISPN-5218?page=com.atlassian.jira.plugin.... ]
Tristan Tarrant updated ISPN-5218:
----------------------------------
Description:
The AdvancedCacheWriter should be extended with a batch operation which takes multiple write/remove operations so that stores which can do batching can optimize this. This would benefit:
* passivateAll
* putAll
* the async writer
Immediate users would be the JDBC stores, JPA, RocksDB.
was:
The AdvancedCacheWriter should be extended with a write operation which takes multiple entries so that stores which can do batching can optimize this. This would benefit:
* passivateAll
* putAll
* the async writer
Immediate users would be the JDBC stores, JPA, RocksDB.
> Add batching to the AdvancedCacheWriter interface
> -------------------------------------------------
>
> Key: ISPN-5218
> URL: https://issues.jboss.org/browse/ISPN-5218
> Project: Infinispan
> Issue Type: Enhancement
> Components: Loaders and Stores
> Reporter: Tristan Tarrant
> Assignee: Ryan Emerson
> Fix For: 9.1.0.Final
>
>
> The AdvancedCacheWriter should be extended with a batch operation which takes multiple write/remove operations so that stores which can do batching can optimize this. This would benefit:
> * passivateAll
> * putAll
> * the async writer
> Immediate users would be the JDBC stores, JPA, RocksDB.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
6 years, 12 months
[JBoss JIRA] (ISPN-7811) Improve out-of-the-box server security in cloud
by Ryan Emerson (JIRA)
[ https://issues.jboss.org/browse/ISPN-7811?page=com.atlassian.jira.plugin.... ]
Ryan Emerson updated ISPN-7811:
-------------------------------
Fix Version/s: (was: 9.0.1.Final)
> Improve out-of-the-box server security in cloud
> -----------------------------------------------
>
> Key: ISPN-7811
> URL: https://issues.jboss.org/browse/ISPN-7811
> Project: Infinispan
> Issue Type: Enhancement
> Components: Security, Server
> Affects Versions: 9.0.0.Final
> Reporter: Galder Zamarreño
> Assignee: Galder Zamarreño
> Fix For: 9.1.0.Final
>
>
> When running Infinispan 9.0.0.Final in a cloud env, the default security code enforcements are causing issues when trying to register a proto file.
> The "___protobuf_metadata" cache cannot be written remotely any more. Accessing this cache to add protofile descriptors to server. The default configuration throws this error:
> {code}
> [datagrid-1-akxoi]
> [datagrid-1-akxoi] 12:15:56,602 ERROR [org.infinispan.server.hotrod.CacheDecodeContext] (HotRod-ServerWorker-4-2) ISPN005003: Exception reported: org.infinispan.server.hotrod.RequestParsingException: Remote requests are allowed to protected caches only over loopback or if authorization is enabled. Do no send remote requests to cache '___protobuf_metadata'
> [datagrid-1-akxoi] at org.infinispan.server.hotrod.CacheDecodeContext.obtainCache(CacheDecodeContext.java:116)
> [datagrid-1-akxoi] at org.infinispan.server.hotrod.HotRodDecoder.decodeHeader(HotRodDecoder.java:162)
> [datagrid-1-akxoi] at org.infinispan.server.hotrod.HotRodDecoder.decode(HotRodDecoder.java:93)
> {code}
> The code in CacheDecodeContext that enables this check does the following:
> {code}
> if (!cacheManager.getCacheManagerConfiguration().security().authorization().enabled()...
> {code}
> In order to have better out-of-the-box experience in cloud but still be secured, the following should be done:
> * Remove the code check for authorization in CacheDecodeContext.
> * Server's default configuration should require authentication.
> * Docker image allows passing in APP_USER and APP_PASS as env variables easily, but it provides default usernames and passwords for both APP and MGMT. These defaults should be removed since they're a security risk.
> * Docker image should have the possibility to set APP_GROUPS so that we can pass in optionally the role groups associated with a user. This is handy for making it easier in the future for users to add authorization on top of authentication.
> I will create JIRA subtasks for these so that the work can be divided.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
6 years, 12 months