May 2017 - infinispan-issues - Jboss List Archives

[JBoss JIRA] (ISPN-3940) Fine-grained authorization

by Tristan Tarrant (JIRA)

[ https://issues.jboss.org/browse/ISPN-3940?page=com.atlassian.jira.plugin.... ] Tristan Tarrant updated ISPN-3940: ---------------------------------- Parent: (was: ISPN-3908) Issue Type: Feature Request (was: Sub-task) > Fine-grained authorization > -------------------------- > > Key: ISPN-3940 > URL: https://issues.jboss.org/browse/ISPN-3940 > Project: Infinispan > Issue Type: Feature Request > Components: Core, Security > Reporter: Tristan Tarrant > Assignee: Tristan Tarrant > > Add a way to set ACL per-entry, storing it in some additional security metadata so that only users belonging to certain roles can access it. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

6 years, 12 months

1
0
0 / 0

[JBoss JIRA] (ISPN-7737) Add authorization

by Ryan Emerson (JIRA)

[ https://issues.jboss.org/browse/ISPN-7737?page=com.atlassian.jira.plugin.... ] Ryan Emerson resolved ISPN-7737. -------------------------------- Fix Version/s: 9.1.0.Alpha1 Resolution: Done > Add authorization > ----------------- > > Key: ISPN-7737 > URL: https://issues.jboss.org/browse/ISPN-7737 > Project: Infinispan > Issue Type: Sub-task > Reporter: Sebastian Łaskawiec > Assignee: Sebastian Łaskawiec > Fix For: 9.1.0.Alpha1 > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

6 years, 12 months

1
0
0 / 0

[JBoss JIRA] (ISPN-7736) Add authentication

by Ryan Emerson (JIRA)

[ https://issues.jboss.org/browse/ISPN-7736?page=com.atlassian.jira.plugin.... ] Ryan Emerson resolved ISPN-7736. -------------------------------- Fix Version/s: 9.1.0.Alpha1 Resolution: Done > Add authentication > ------------------ > > Key: ISPN-7736 > URL: https://issues.jboss.org/browse/ISPN-7736 > Project: Infinispan > Issue Type: Sub-task > Reporter: Sebastian Łaskawiec > Assignee: Sebastian Łaskawiec > Fix For: 9.1.0.Alpha1 > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

6 years, 12 months

1
0
0 / 0

[JBoss JIRA] (ISPN-3940) Fine-grained authorization

by Tristan Tarrant (JIRA)

[ https://issues.jboss.org/browse/ISPN-3940?page=com.atlassian.jira.plugin.... ] Tristan Tarrant updated ISPN-3940: ---------------------------------- Sprint: 9.1.0.Beta1 > Fine-grained authorization > -------------------------- > > Key: ISPN-3940 > URL: https://issues.jboss.org/browse/ISPN-3940 > Project: Infinispan > Issue Type: Feature Request > Components: Core, Security > Reporter: Tristan Tarrant > Assignee: Tristan Tarrant > > Add a way to set ACL per-entry, storing it in some additional security metadata so that only users belonging to certain roles can access it. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

6 years, 12 months

1
0
0 / 0

[JBoss JIRA] (ISPN-7857) Fine-grained authorization

by Tristan Tarrant (JIRA)

[ https://issues.jboss.org/browse/ISPN-7857?page=com.atlassian.jira.plugin.... ] Tristan Tarrant deleted ISPN-7857: ---------------------------------- > Fine-grained authorization > -------------------------- > > Key: ISPN-7857 > URL: https://issues.jboss.org/browse/ISPN-7857 > Project: Infinispan > Issue Type: Enhancement > Reporter: Tristan Tarrant > Assignee: Tristan Tarrant > > https://github.com/infinispan/infinispan-designs/blob/master/Fine-grained... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

6 years, 12 months

1
0
0 / 0

[JBoss JIRA] (ISPN-7857) Fine-grained authorization

by Tristan Tarrant (JIRA)

Tristan Tarrant created ISPN-7857: ------------------------------------- Summary: Fine-grained authorization Key: ISPN-7857 URL: https://issues.jboss.org/browse/ISPN-7857 Project: Infinispan Issue Type: Enhancement Components: Security Reporter: Tristan Tarrant Assignee: Tristan Tarrant Fix For: 9.1.0.Final https://github.com/infinispan/infinispan-designs/blob/master/Fine-grained... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

6 years, 12 months

1
0
0 / 0

[JBoss JIRA] (ISPN-375) Enable Hot Rod clients to start transactions

by Tristan Tarrant (JIRA)

[ https://issues.jboss.org/browse/ISPN-375?page=com.atlassian.jira.plugin.s... ] Tristan Tarrant updated ISPN-375: --------------------------------- Sprint: 9.1.0.Beta1 > Enable Hot Rod clients to start transactions > -------------------------------------------- > > Key: ISPN-375 > URL: https://issues.jboss.org/browse/ISPN-375 > Project: Infinispan > Issue Type: Feature Request > Components: Remote Protocols > Reporter: Galder Zamarreño > Assignee: Pedro Ruivo > Priority: Blocker > Labels: hackathon > > It might be useful to allow Hot Rod clients to start transactions within Hot Rod servers. The possibility of clients participating in the actual transaction, i.e. being an XAResource, should not be imposed since this might be less than trivial to achieve in non-Java environments. The alternative would be to allow clients to start Hot Rod server local transactions only. > This would require enhancing Hot Rod spec to have some begin/commit/rollback commands that return a tx id, and for clients to be able to send this id as part of each command that should participate in the transaction. > Pitfalls to avoid include avoiding a transaction to be propagated over several Hot Rod servers. IOW, to simplify things, if a tx is started in server A, all ops within that tx should be directed to tx. Load balancing could still happen but would need to be tx sticky. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

6 years, 12 months

1
0
0 / 0

[JBoss JIRA] (ISPN-5218) Add batching to the AdvancedCacheWriter interface

by Tristan Tarrant (JIRA)

[ https://issues.jboss.org/browse/ISPN-5218?page=com.atlassian.jira.plugin.... ] Tristan Tarrant updated ISPN-5218: ---------------------------------- Description: The AdvancedCacheWriter should be extended with a batch operation which takes multiple write/remove operations so that stores which can do batching can optimize this. This would benefit: * passivateAll * putAll * the async writer Immediate users would be the JDBC stores, JPA, RocksDB. was: The AdvancedCacheWriter should be extended with a write operation which takes multiple entries so that stores which can do batching can optimize this. This would benefit: * passivateAll * putAll * the async writer Immediate users would be the JDBC stores, JPA, RocksDB. > Add batching to the AdvancedCacheWriter interface > ------------------------------------------------- > > Key: ISPN-5218 > URL: https://issues.jboss.org/browse/ISPN-5218 > Project: Infinispan > Issue Type: Enhancement > Components: Loaders and Stores > Reporter: Tristan Tarrant > Assignee: Ryan Emerson > Fix For: 9.1.0.Final > > > The AdvancedCacheWriter should be extended with a batch operation which takes multiple write/remove operations so that stores which can do batching can optimize this. This would benefit: > * passivateAll > * putAll > * the async writer > Immediate users would be the JDBC stores, JPA, RocksDB. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

6 years, 12 months

1
0
0 / 0

[JBoss JIRA] (ISPN-7714) Deploy Lucene analyzers in server for remote query

by Ryan Emerson (JIRA)

[ https://issues.jboss.org/browse/ISPN-7714?page=com.atlassian.jira.plugin.... ] Ryan Emerson updated ISPN-7714: ------------------------------- Fix Version/s: (was: 9.0.1.Final) > Deploy Lucene analyzers in server for remote query > -------------------------------------------------- > > Key: ISPN-7714 > URL: https://issues.jboss.org/browse/ISPN-7714 > Project: Infinispan > Issue Type: Enhancement > Components: Remote Querying > Reporter: Adrian Nistor > Assignee: Adrian Nistor > Fix For: 9.1.0.Final > > > Current integration tests demonstrate remote query with user deployed analyzers but the hot rod server is started in a special way that is used only for testing. Deployment of analyzers seems to work but with a real server it does not. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

6 years, 12 months

1
0
0 / 0

[JBoss JIRA] (ISPN-7811) Improve out-of-the-box server security in cloud

by Ryan Emerson (JIRA)

[ https://issues.jboss.org/browse/ISPN-7811?page=com.atlassian.jira.plugin.... ] Ryan Emerson updated ISPN-7811: ------------------------------- Fix Version/s: (was: 9.0.1.Final) > Improve out-of-the-box server security in cloud > ----------------------------------------------- > > Key: ISPN-7811 > URL: https://issues.jboss.org/browse/ISPN-7811 > Project: Infinispan > Issue Type: Enhancement > Components: Security, Server > Affects Versions: 9.0.0.Final > Reporter: Galder Zamarreño > Assignee: Galder Zamarreño > Fix For: 9.1.0.Final > > > When running Infinispan 9.0.0.Final in a cloud env, the default security code enforcements are causing issues when trying to register a proto file. > The "___protobuf_metadata" cache cannot be written remotely any more. Accessing this cache to add protofile descriptors to server. The default configuration throws this error: > {code} > [datagrid-1-akxoi] > [datagrid-1-akxoi] 12:15:56,602 ERROR [org.infinispan.server.hotrod.CacheDecodeContext] (HotRod-ServerWorker-4-2) ISPN005003: Exception reported: org.infinispan.server.hotrod.RequestParsingException: Remote requests are allowed to protected caches only over loopback or if authorization is enabled. Do no send remote requests to cache '___protobuf_metadata' > [datagrid-1-akxoi] at org.infinispan.server.hotrod.CacheDecodeContext.obtainCache(CacheDecodeContext.java:116) > [datagrid-1-akxoi] at org.infinispan.server.hotrod.HotRodDecoder.decodeHeader(HotRodDecoder.java:162) > [datagrid-1-akxoi] at org.infinispan.server.hotrod.HotRodDecoder.decode(HotRodDecoder.java:93) > {code} > The code in CacheDecodeContext that enables this check does the following: > {code} > if (!cacheManager.getCacheManagerConfiguration().security().authorization().enabled()... > {code} > In order to have better out-of-the-box experience in cloud but still be secured, the following should be done: > * Remove the code check for authorization in CacheDecodeContext. > * Server's default configuration should require authentication. > * Docker image allows passing in APP_USER and APP_PASS as env variables easily, but it provides default usernames and passwords for both APP and MGMT. These defaults should be removed since they're a security risk. > * Docker image should have the possibility to set APP_GROUPS so that we can pass in optionally the role groups associated with a user. This is handy for making it easier in the future for users to add authorization on top of authentication. > I will create JIRA subtasks for these so that the work can be divided. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

6 years, 12 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

infinispan-issues May 2017