September 2020 - infinispan-issues

[JBoss JIRA] (ISPN-7811) Improve out-of-the-box server security in cloud

by Tristan Tarrant (Jira)

[ https://issues.redhat.com/browse/ISPN-7811?page=com.atlassian.jira.plugin... ] Tristan Tarrant closed ISPN-7811. --------------------------------- Resolution: Out of Date > Improve out-of-the-box server security in cloud > ----------------------------------------------- > > Key: ISPN-7811 > URL: https://issues.redhat.com/browse/ISPN-7811 > Project: Infinispan > Issue Type: Enhancement > Components: Security, Server > Affects Versions: 9.0.0.Final > Reporter: Galder Zamarreño > Assignee: Galder Zamarreño > Priority: Major > > When running Infinispan 9.0.0.Final in a cloud env, the default security code enforcements are causing issues when trying to register a proto file. > The "___protobuf_metadata" cache cannot be written remotely any more. Accessing this cache to add protofile descriptors to server. The default configuration throws this error: > {code} > [datagrid-1-akxoi] > [datagrid-1-akxoi] 12:15:56,602 ERROR [org.infinispan.server.hotrod.CacheDecodeContext] (HotRod-ServerWorker-4-2) ISPN005003: Exception reported: org.infinispan.server.hotrod.RequestParsingException: Remote requests are allowed to protected caches only over loopback or if authorization is enabled. Do no send remote requests to cache '___protobuf_metadata' > [datagrid-1-akxoi] at org.infinispan.server.hotrod.CacheDecodeContext.obtainCache(CacheDecodeContext.java:116) > [datagrid-1-akxoi] at org.infinispan.server.hotrod.HotRodDecoder.decodeHeader(HotRodDecoder.java:162) > [datagrid-1-akxoi] at org.infinispan.server.hotrod.HotRodDecoder.decode(HotRodDecoder.java:93) > {code} > The code in CacheDecodeContext that enables this check does the following: > {code} > if (!cacheManager.getCacheManagerConfiguration().security().authorization().enabled()... > {code} > In order to have better out-of-the-box experience in cloud but still be secured, the following should be done: > * Remove the code check for authorization in CacheDecodeContext. > * Server's default configuration should require authentication. > * Docker image allows passing in APP_USER and APP_PASS as env variables easily, but it provides default usernames and passwords for both APP and MGMT. These defaults should be removed since they're a security risk. > * Docker image should have the possibility to set APP_GROUPS so that we can pass in optionally the role groups associated with a user. This is handy for making it easier in the future for users to add authorization on top of authentication. > I will create JIRA subtasks for these so that the work can be divided. -- This message was sent by Atlassian Jira (v7.13.8#713008)

5 years, 7 months

1
0
0 / 0

[JBoss JIRA] (ISPN-10242) Prometheus jmx_exporter should support https on the exposed endpoint

by Tristan Tarrant (Jira)

[ https://issues.redhat.com/browse/ISPN-10242?page=com.atlassian.jira.plugi... ] Tristan Tarrant closed ISPN-10242. ---------------------------------- Resolution: Out of Date This is fixed by the new Prometheus-compatible metrics endpoint in Infinispan 10.1 > Prometheus jmx_exporter should support https on the exposed endpoint > -------------------------------------------------------------------- > > Key: ISPN-10242 > URL: https://issues.redhat.com/browse/ISPN-10242 > Project: Infinispan > Issue Type: Feature Request > Reporter: Wolf-Dieter Fink > Priority: Major > > Data Grid 7.3 introduced the Prometheus JMX exporter that listens for unauthenticated HTTP requests if activated. > For it to be acceptable to activate in secure environment it would need to use HTTPS and require some kind of authentication. -- This message was sent by Atlassian Jira (v7.13.8#713008)

5 years, 7 months

1
0
0 / 0

[JBoss JIRA] (ISPN-12088) Property realm groups file format is wrong

by Tristan Tarrant (Jira)

[ https://issues.redhat.com/browse/ISPN-12088?page=com.atlassian.jira.plugi... ] Tristan Tarrant updated ISPN-12088: ----------------------------------- Status: Pull Request Sent (was: Open) Git Pull Request: https://github.com/infinispan/infinispan/pull/8668 > Property realm groups file format is wrong > ------------------------------------------ > > Key: ISPN-12088 > URL: https://issues.redhat.com/browse/ISPN-12088 > Project: Infinispan > Issue Type: Bug > Components: Documentation > Affects Versions: 11.0.1.Final > Reporter: Kai Hudalla > Assignee: Tristan Tarrant > Priority: Major > Labels: documentation_issue > > The description of the format of the groups.properties file used for the Property Realm at > [https://infinispan.org/docs/stable/titles/server/server.html#server_realms] > seems to be wrong. It maps role names to lists of user IDs. However, using that format, I have not been able to access a cache that required WRITE permission. After changing the file to contain mappings of user IDs to lists of role names, everything worked as expected. The example group.properties file in the server image also describes the format as user=group1,group2. -- This message was sent by Atlassian Jira (v7.13.8#713008)

5 years, 7 months

1
0
0 / 0

[JBoss JIRA] (ISPN-12088) Property realm groups file format is wrong

by Tristan Tarrant (Jira)

[ https://issues.redhat.com/browse/ISPN-12088?page=com.atlassian.jira.plugi... ] Tristan Tarrant reassigned ISPN-12088: -------------------------------------- Assignee: Tristan Tarrant > Property realm groups file format is wrong > ------------------------------------------ > > Key: ISPN-12088 > URL: https://issues.redhat.com/browse/ISPN-12088 > Project: Infinispan > Issue Type: Bug > Components: Documentation > Affects Versions: 11.0.1.Final > Reporter: Kai Hudalla > Assignee: Tristan Tarrant > Priority: Major > Labels: documentation_issue > > The description of the format of the groups.properties file used for the Property Realm at > [https://infinispan.org/docs/stable/titles/server/server.html#server_realms] > seems to be wrong. It maps role names to lists of user IDs. However, using that format, I have not been able to access a cache that required WRITE permission. After changing the file to contain mappings of user IDs to lists of role names, everything worked as expected. The example group.properties file in the server image also describes the format as user=group1,group2. -- This message was sent by Atlassian Jira (v7.13.8#713008)

5 years, 7 months

1
0
0 / 0

[JBoss JIRA] (ISPN-12088) Property realm groups file format is wrong

by Tristan Tarrant (Jira)

[ https://issues.redhat.com/browse/ISPN-12088?page=com.atlassian.jira.plugi... ] Tristan Tarrant updated ISPN-12088: ----------------------------------- Status: Open (was: New) > Property realm groups file format is wrong > ------------------------------------------ > > Key: ISPN-12088 > URL: https://issues.redhat.com/browse/ISPN-12088 > Project: Infinispan > Issue Type: Bug > Components: Documentation > Affects Versions: 11.0.1.Final > Reporter: Kai Hudalla > Assignee: Tristan Tarrant > Priority: Major > Labels: documentation_issue > > The description of the format of the groups.properties file used for the Property Realm at > [https://infinispan.org/docs/stable/titles/server/server.html#server_realms] > seems to be wrong. It maps role names to lists of user IDs. However, using that format, I have not been able to access a cache that required WRITE permission. After changing the file to contain mappings of user IDs to lists of role names, everything worked as expected. The example group.properties file in the server image also describes the format as user=group1,group2. -- This message was sent by Atlassian Jira (v7.13.8#713008)

5 years, 7 months

1
0
0 / 0

[JBoss JIRA] (ISPN-5184) The option "shared=true" in custom persistance storage does not work

by Will Burns (Jira)

[ https://issues.redhat.com/browse/ISPN-5184?page=com.atlassian.jira.plugin... ] Will Burns resolved ISPN-5184. ------------------------------ Resolution: Out of Date Shared = false is confirmed to be working in more recent versions. Unfortunately this may have been an issue for a now very old version. > The option "shared=true" in custom persistance storage does not work > -------------------------------------------------------------------- > > Key: ISPN-5184 > URL: https://issues.redhat.com/browse/ISPN-5184 > Project: Infinispan > Issue Type: Bug > Components: Core > Affects Versions: 7.0.3.Final > Reporter: Pavlo Pohrebnyi > Assignee: Will Burns > Priority: Major > > When I'm tried to enable option "shared=true" in custom persistance storage, nothing changes - all nodes updates storage (should update only node, that put cache entry). > This is part of documentation: > shared - (false by default) indicates that the cache loader is shared among different cache instances, for example where all instances in a cluster use the same JDBC settings to talk to the same remote, shared database. Setting this to true prevents repeated and unnecessary writes of the same data to the cache loader by different cache instances. -- This message was sent by Atlassian Jira (v7.13.8#713008)

5 years, 7 months

1
0
0 / 0

[JBoss JIRA] (ISPN-12234) Remove Rest store

by Tristan Tarrant (Jira)

[ https://issues.redhat.com/browse/ISPN-12234?page=com.atlassian.jira.plugi... ] Tristan Tarrant updated ISPN-12234: ----------------------------------- Status: Resolved (was: Pull Request Sent) Fix Version/s: 12.0.0.Final Resolution: Done > Remove Rest store > ----------------- > > Key: ISPN-12234 > URL: https://issues.redhat.com/browse/ISPN-12234 > Project: Infinispan > Issue Type: Enhancement > Components: Loaders and Stores > Affects Versions: 12.0.0.Dev02 > Reporter: Ryan Emerson > Assignee: Ryan Emerson > Priority: Major > Fix For: 12.0.0.Final, 12.0.0.Dev03 > > -- This message was sent by Atlassian Jira (v7.13.8#713008)

5 years, 7 months

1
0
0 / 0

[JBoss JIRA] (ISPN-12251) HotRodClientJmxTest.testRemoteCacheManagerMBean fails on Java 14

by Katia Aresti (Jira)

[ https://issues.redhat.com/browse/ISPN-12251?page=com.atlassian.jira.plugi... ] Katia Aresti updated ISPN-12251: -------------------------------- Status: Resolved (was: Pull Request Sent) Resolution: Done > HotRodClientJmxTest.testRemoteCacheManagerMBean fails on Java 14 > ---------------------------------------------------------------- > > Key: ISPN-12251 > URL: https://issues.redhat.com/browse/ISPN-12251 > Project: Infinispan > Issue Type: Bug > Components: Hot Rod, Test Suite > Affects Versions: 12.0.0.Dev02 > Reporter: Dan Berindei > Assignee: Dan Berindei > Priority: Major > Fix For: 12.0.0.Dev03 > > > {{HotRodClientJmxTest.testRemoteCacheManagerMBean}} assumes that the result of {{InetSocketAddress.toString()}} for an unresolved address is in the format {{hostname:port}}. But the format changed in Java 14, and now the format is {{hostname/<unresolved>:port}}. > {noformat} > java.lang.AssertionError: expected:<localhost:37809> but was:<localhost/<unresolved>:37809> > at org.testng.AssertJUnit.assertEquals(AssertJUnit.java:101) > at org.testng.AssertJUnit.assertEquals(AssertJUnit.java:108) > at org.infinispan.client.hotrod.HotRodClientJmxTest.testRemoteCacheManagerMBean(HotRodClientJmxTest.java:84) > {noformat} > It might be a good idea to change the JMX attribute to only return the hostname instead of changing the test. -- This message was sent by Atlassian Jira (v7.13.8#713008)

5 years, 7 months

1
0
0 / 0

[JBoss JIRA] (ISPN-12121) Deprecate custom objects to JSON automatic conversion

by Katia Aresti (Jira)

[ https://issues.redhat.com/browse/ISPN-12121?page=com.atlassian.jira.plugi... ] Katia Aresti updated ISPN-12121: -------------------------------- Status: Resolved (was: Pull Request Sent) Resolution: Done > Deprecate custom objects to JSON automatic conversion > ----------------------------------------------------- > > Key: ISPN-12121 > URL: https://issues.redhat.com/browse/ISPN-12121 > Project: Infinispan > Issue Type: Task > Components: Server > Affects Versions: 11.0.1.Final > Reporter: Gustavo Fernandes > Assignee: Gustavo Fernandes > Priority: Major > Fix For: 12.0.0.Final > > > This is problematic for the native server as there is no way of knowing ahead the user types. > Two options here: > * Redirect users to protostream, that supports JSON natively > * Provide a way to plug custom serializers to JSON -- This message was sent by Atlassian Jira (v7.13.8#713008)

5 years, 7 months

1
0
0 / 0

[JBoss JIRA] (ISPN-12270) NPE when calling the Indexer with no indexed entities

by Gustavo Fernandes (Jira)

[ https://issues.redhat.com/browse/ISPN-12270?page=com.atlassian.jira.plugi... ] Gustavo Fernandes updated ISPN-12270: ------------------------------------- Summary: NPE when calling the Indexer with no indexed entities (was: Create a indexed cache, add an entry) > NPE when calling the Indexer with no indexed entities > ----------------------------------------------------- > > Key: ISPN-12270 > URL: https://issues.redhat.com/browse/ISPN-12270 > Project: Infinispan > Issue Type: Bug > Components: Console, REST > Affects Versions: 12.0.0.Dev02 > Reporter: Katia Aresti > Assignee: Gustavo Fernandes > Priority: Major > > Creating an indexed cache, add an entry and then launch a reindex from the console > > {code:java} > package people; > message Person { > required string name = 1; > }{code} > > {code:java} > { > "_type": "people.Person", > "name": "katia" > }{code} > > The 'reindexing' status remains forever and in the server > {code:java} > 6:51:46,457 ERROR (blocking-thread--p3-t5) [org.infinispan.rest.resources.SearchAdminResource] ISPN012022: Error executing MassIndexer java.lang.NullPointerException6:51:46,457 ERROR (blocking-thread--p3-t5) [org.infinispan.rest.resources.SearchAdminResource] ISPN012022: Error executing MassIndexer java.lang.NullPointerException at org.infinispan.query.impl.massindex.IndexUpdater.allJavaClasses(IndexUpdater.java:57) at org.infinispan.query.impl.massindex.DistributedExecutorMassIndexer.lambda$executeInternal$3(DistributedExecutorMassIndexer.java:123) at java.base/java.util.concurrent.CompletableFuture.uniComposeStage(CompletableFuture.java:1106) at java.base/java.util.concurrent.CompletableFuture.thenCompose(CompletableFuture.java:2235) at java.base/java.util.concurrent.CompletableFuture.thenCompose(CompletableFuture.java:143) at org.infinispan.query.impl.massindex.DistributedExecutorMassIndexer.executeInternal(DistributedExecutorMassIndexer.java:117) at org.infinispan.query.impl.massindex.DistributedExecutorMassIndexer.run(DistributedExecutorMassIndexer.java:74) at org.infinispan.rest.resources.SearchAdminResource.runIndexer(SearchAdminResource.java:109) at org.infinispan.rest.resources.SearchAdminResource.reindex(SearchAdminResource.java:59) at org.infinispan.rest.framework.impl.RestDispatcherImpl.dispatch(RestDispatcherImpl.java:75) at org.infinispan.rest.RestRequestHandler.handleRestRequest(RestRequestHandler.java:133) at org.infinispan.rest.RestRequestHandler.lambda$channelRead0$0(RestRequestHandler.java:112) at java.base/java.util.concurrent.CompletableFuture.uniWhenComplete(CompletableFuture.java:859) at java.base/java.util.concurrent.CompletableFuture$UniWhenComplete.tryFire(CompletableFuture.java:837) at java.base/java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:506) at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1705) at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982) at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486) at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377) at java.base/java.lang.Thread.run(Thread.java:834){code} -- This message was sent by Atlassian Jira (v7.13.8#713008)

5 years, 7 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

infinispan-issues September 2020