[Red Hat JIRA] (ISPN-12765) REST API does not correctly handle authz for ADMIN in XSite, Query and Backups
by Katia Aresti (Jira)
[ https://issues.redhat.com/browse/ISPN-12765?page=com.atlassian.jira.plugi... ]
Katia Aresti commented on ISPN-12765:
-------------------------------------
Reproducer provided in the PR
> REST API does not correctly handle authz for ADMIN in XSite, Query and Backups
> ------------------------------------------------------------------------------
>
> Key: ISPN-12765
> URL: https://issues.redhat.com/browse/ISPN-12765
> Project: Infinispan
> Issue Type: Bug
> Components: REST
> Affects Versions: 12.0.1.Final
> Reporter: Katia Aresti
> Assignee: Tristan Tarrant
> Priority: Blocker
> Fix For: 12.1.0.Final
>
>
> When the REST api performs operations on XSite, Query and Backups that can be only done for ADMIN users, admin user subject is not correctly handled and is detected as null, so REST endpoints respond with Subject null lacks ADMIN permission.
> Some uses like *xsiteAdmin.checkSite(site)* can't be used from the REST api without a wrapper that will check the subject in the request
--
This message was sent by Atlassian Jira
(v8.13.1#813001)
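
The failure mode described in the issue, as an added example that is not Infinispan code and not part of the original message: an ADMIN check that reads an ambient subject sees null unless the REST handler binds the request's authenticated subject around the call. `CURRENT`, `checkAdmin`, `asSubject`, `subjectOf` and `attempt` are hypothetical names, and `checkSite` here is only a stand-in for the `xsiteAdmin.checkSite(site)` call named in the issue.

```java
import java.security.Principal;
import java.util.concurrent.Callable;
import javax.security.auth.Subject;

public class SubjectPropagationDemo {
    // Hypothetical stand-in for the ambient security context the authorization
    // layer consults (an assumption for this sketch, not Infinispan's own class).
    private static final ThreadLocal<Subject> CURRENT = new ThreadLocal<>();

    // Hypothetical ADMIN check: passes only if the ambient subject holds an "admin" principal.
    static void checkAdmin() {
        Subject s = CURRENT.get();
        if (s == null || s.getPrincipals().stream().noneMatch(p -> "admin".equals(p.getName()))) {
            String who = (s == null) ? "null" : "without admin principal";
            throw new SecurityException("Subject " + who + " lacks ADMIN permission");
        }
    }

    // Stand-in for an ADMIN-only operation such as xsiteAdmin.checkSite(site).
    static String checkSite(String site) {
        checkAdmin();
        return site + ": online"; // constructed sample result
    }

    // The wrapper: bind the subject taken from the request for the duration of the call.
    static <T> T asSubject(Subject requestSubject, Callable<T> action) throws Exception {
        Subject previous = CURRENT.get();
        CURRENT.set(requestSubject);
        try {
            return action.call();
        } finally {
            CURRENT.set(previous); // restore, so a pooled thread does not keep the identity
        }
    }

    static Subject subjectOf(String name) { // constructed test identities
        Subject s = new Subject();
        s.getPrincipals().add((Principal) () -> name);
        return s;
    }
    static String attempt(Callable<String> call) {
        try { return call.call(); } catch (Exception e) { return "DENIED: " + e.getMessage(); }
    }

    public static void main(String[] args) {
        Subject admin = subjectOf("admin"), reader = subjectOf("reader");
        System.out.println(attempt(() -> checkSite("NYC"))); // handler never bound the subject
        System.out.println(attempt(() -> asSubject(admin, () -> checkSite("NYC"))));
        System.out.println(attempt(() -> asSubject(reader, () -> checkSite("NYC"))));
    }
}
```

The third call shows that the wrapper only carries the caller's identity to the check; it grants nothing to a subject that lacks the admin principal.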
[Red Hat JIRA] (ISPN-12765) REST API does not correctly handle authz for ADMIN in XSite, Query and Backups
by Katia Aresti (Jira)
[ https://issues.redhat.com/browse/ISPN-12765?page=com.atlassian.jira.plugi... ]
Katia Aresti updated ISPN-12765:
--------------------------------
Status: Open (was: New)
> REST API does not correctly handle authz for ADMIN in XSite, Query and Backups
> ------------------------------------------------------------------------------
>
> Key: ISPN-12765
> URL: https://issues.redhat.com/browse/ISPN-12765
> Project: Infinispan
> Issue Type: Bug
> Components: REST
> Affects Versions: 12.0.1.Final
> Reporter: Katia Aresti
> Assignee: Tristan Tarrant
> Priority: Blocker
> Fix For: 12.1.0.Final
>
>
> When the REST api performs operations on XSite, Query and Backups that can be only done for ADMIN users, admin user subject is not correctly handled and is detected as null, so REST endpoints respond with Subject null lacks ADMIN permission.
> Some uses like *xsiteAdmin.checkSite(site)* can't be used from the REST api without a wrapper that will check the subject in the request
[Red Hat JIRA] (ISPN-12765) REST API does not correctly handle authz for ADMIN in XSite, Query and Backups
by Katia Aresti (Jira)
[ https://issues.redhat.com/browse/ISPN-12765?page=com.atlassian.jira.plugi... ]
Katia Aresti updated ISPN-12765:
--------------------------------
Fix Version/s: 12.1.0.Final
> REST API does not correctly handle authz for ADMIN in XSite, Query and Backups
> ------------------------------------------------------------------------------
>
> Key: ISPN-12765
> URL: https://issues.redhat.com/browse/ISPN-12765
> Project: Infinispan
> Issue Type: Bug
> Components: REST
> Affects Versions: 12.0.1.Final
> Reporter: Katia Aresti
> Assignee: Tristan Tarrant
> Priority: Blocker
> Fix For: 12.1.0.Final
>
>
> When the REST api performs operations on XSite, Query and Backups that can be only done for ADMIN users, admin user subject is not correctly handled and is detected as null, so REST endpoints respond with Subject null lacks ADMIN permission.
> Some uses like *xsiteAdmin.checkSite(site)* can't be used from the REST api without a wrapper that will check the subject in the request
[Red Hat JIRA] (ISPN-12765) REST API does not correctly handle authz for ADMIN in XSite, Query and Backups
by Katia Aresti (Jira)
[ https://issues.redhat.com/browse/ISPN-12765?page=com.atlassian.jira.plugi... ]
Katia Aresti updated ISPN-12765:
--------------------------------
Description:
When the REST api performs operations on XSite, Query and Backups that can be only done for ADMIN users, admin user subject is not correctly handled and is detected as null, so REST endpoints respond with Subject null lacks ADMIN permission.
Some uses like *xsiteAdmin.checkSite(site)* can't be used from the REST api without a wrapper that will check the subject in the request
was:
When the REST api performs operations on XSite, Query and Backups that can be only done for ADMIN users, admin user subject is not correctly handled and is detected as null, so REST endpoints respond with Subject null lacks ADMIN permission.
Some uses like ```xsiteAdmin.checkSite(site)``` can't be used from the REST api without a wrapper that will check the subject in the request
> REST API does not correctly handle authz for ADMIN in XSite, Query and Backups
> ------------------------------------------------------------------------------
>
> Key: ISPN-12765
> URL: https://issues.redhat.com/browse/ISPN-12765
> Project: Infinispan
> Issue Type: Bug
> Components: REST
> Affects Versions: 12.0.1.Final
> Reporter: Katia Aresti
> Priority: Blocker
>
> When the REST api performs operations on XSite, Query and Backups that can be only done for ADMIN users, admin user subject is not correctly handled and is detected as null, so REST endpoints respond with Subject null lacks ADMIN permission.
> Some uses like *xsiteAdmin.checkSite(site)* can't be used from the REST api without a wrapper that will check the subject in the request
[Red Hat JIRA] (ISPN-12765) REST API does not correctly handle authz for ADMIN in XSite, Query and Backups
by Katia Aresti (Jira)
[ https://issues.redhat.com/browse/ISPN-12765?page=com.atlassian.jira.plugi... ]
Katia Aresti reassigned ISPN-12765:
-----------------------------------
Assignee: Tristan Tarrant
> REST API does not correctly handle authz for ADMIN in XSite, Query and Backups
> ------------------------------------------------------------------------------
>
> Key: ISPN-12765
> URL: https://issues.redhat.com/browse/ISPN-12765
> Project: Infinispan
> Issue Type: Bug
> Components: REST
> Affects Versions: 12.0.1.Final
> Reporter: Katia Aresti
> Assignee: Tristan Tarrant
> Priority: Blocker
>
> When the REST api performs operations on XSite, Query and Backups that can be only done for ADMIN users, admin user subject is not correctly handled and is detected as null, so REST endpoints respond with Subject null lacks ADMIN permission.
> Some uses like *xsiteAdmin.checkSite(site)* can't be used from the REST api without a wrapper that will check the subject in the request
[Red Hat JIRA] (ISPN-12765) REST API does not correctly handle authz for ADMIN in XSite, Query and Backups
by Katia Aresti (Jira)
[ https://issues.redhat.com/browse/ISPN-12765?page=com.atlassian.jira.plugi... ]
Katia Aresti updated ISPN-12765:
--------------------------------
Description:
When the REST api performs operations on XSite, Query and Backups that can be only done for ADMIN users, admin user subject is not correctly handled and is detected as null, so REST endpoints respond with Subject null lacks ADMIN permission.
Some uses like ```xsiteAdmin.checkSite(site)``` can't be used from the REST api without a wrapper that will check the subject in the request
was:
When the REST api performs operations on XSite, Query and Backups that can be only done for ADMIN users, admin user subject is not correctly handled and is detected as null, so REST endpoints respond with Subject null lacks ADMIN permission.
Some uses like `xsiteAdmin.checkSite(site)` can't be used from the REST api without a wrapper that will check the subject in the request
> REST API does not correctly handle authz for ADMIN in XSite, Query and Backups
> ------------------------------------------------------------------------------
>
> Key: ISPN-12765
> URL: https://issues.redhat.com/browse/ISPN-12765
> Project: Infinispan
> Issue Type: Bug
> Components: REST
> Affects Versions: 12.0.1.Final
> Reporter: Katia Aresti
> Priority: Blocker
>
> When the REST api performs operations on XSite, Query and Backups that can be only done for ADMIN users, admin user subject is not correctly handled and is detected as null, so REST endpoints respond with Subject null lacks ADMIN permission.
> Some uses like ```xsiteAdmin.checkSite(site)``` can't be used from the REST api without a wrapper that will check the subject in the request
[Red Hat JIRA] (ISPN-12765) REST API does not correctly handle authz for ADMIN in XSite, Query and Backups
by Katia Aresti (Jira)
[ https://issues.redhat.com/browse/ISPN-12765?page=com.atlassian.jira.plugi... ]
Katia Aresti updated ISPN-12765:
--------------------------------
Description:
When the REST api performs operations on XSite, Query and Backups that can be only done for ADMIN users, admin user subject is not correctly handled and is detected as null, so REST endpoints respond with Subject null lacks ADMIN permission.
Some uses like `xsiteAdmin.checkSite(site)` can't be used from the REST api without a wrapper that will check the subject in the request
> REST API does not correctly handle authz for ADMIN in XSite, Query and Backups
> ------------------------------------------------------------------------------
>
> Key: ISPN-12765
> URL: https://issues.redhat.com/browse/ISPN-12765
> Project: Infinispan
> Issue Type: Bug
> Components: REST
> Affects Versions: 12.0.1.Final
> Reporter: Katia Aresti
> Priority: Blocker
>
> When the REST api performs operations on XSite, Query and Backups that can be only done for ADMIN users, admin user subject is not correctly handled and is detected as null, so REST endpoints respond with Subject null lacks ADMIN permission.
> Some uses like `xsiteAdmin.checkSite(site)` can't be used from the REST api without a wrapper that will check the subject in the request