[infinispan-issues] [JBoss JIRA] (ISPN-8063) HealthCheck does't work with Secured Caches

HealthCheck does't work with Secured Caches ------------------------------------------- Key: ISPN-8063 URL: https://issues.jboss.org/browse/ISPN-8063 Project: Infinispan Issue Type: Bug Components: Core, Server Affects Versions: 9.1.0.CR1 Reporter: Sebastian Łaskawiec Assignee: Sebastian Łaskawiec Fix For: 9.1.0.Final Configuration snippet: {code} clustered.xml <security> <authorization> <identity-role-mapper /> <role name="ADMIN" permissions="ALL ADMIN"/> </authorization> </security> <distributed-cache name="default" mode="SYNC" > <security> <authorization enabled="true" roles="ADMIN"/> </security> </distributed-cache> application-roles.properties admin=REST,admin,ADMIN {code} CLI call: {code} /subsystem=datagrid-infinispan/cache-container=clustered/health=HEALTH:read-resource(include-runtime=true) {code} Exception reported: {noformat} 08:12:26,128 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 2) WFLYCTL0013: Operation ("read-attribute") failed - address: ([ ("subsystem" => "datagrid-infinispan"), ("cache-container" => "clustered"), ("health" => "HEALTH") ]): java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'Subject with principal(s): [$local@ManagementRealm, org.jboss.remoting3.security.UserPrincipal@439455c7, InetAddressPrincipal <127.0.0.1/127.0.0.1>, InetAddressPrincipal <127.0.0.1/127.0.0.1>]' lacks 'ADMIN' permission at org.infinispan.security.impl.AuthorizationHelper.checkPermission(AuthorizationHelper.java:87) at org.infinispan.security.impl.AuthorizationManagerImpl.checkPermission(AuthorizationManagerImpl.java:49) at org.infinispan.security.impl.SecureCacheImpl.getDistributionManager(SecureCacheImpl.java:409) at org.infinispan.health.impl.CacheHealthImpl.getStatus(CacheHealthImpl.java:28) at org.infinispan.health.impl.ClusterHealthImpl.lambda$getHealthStatus$2(ClusterHealthImpl.java:26) at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193) at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193) at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193) at java.util.Iterator.forEachRemaining(Iterator.java:116) at java.util.Spliterators$IteratorSpliterator.forEachRemaining(Spliterators.java:1801) at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481) at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471) at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708) at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:499) at org.infinispan.health.impl.ClusterHealthImpl.getHealthStatus(ClusterHealthImpl.java:27) at org.jboss.as.clustering.infinispan.subsystem.HealthMetricsHandler.executeRuntimeStep(HealthMetricsHandler.java:144) at org.jboss.as.controller.AbstractRuntimeOnlyHandler$1.execute(AbstractRuntimeOnlyHandler.java:53) at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:890) at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:659) at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:370) at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1329) at org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:400) at org.jboss.as.controller.ModelControllerImpl.execute(ModelControllerImpl.java:222) at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.doExecute(ModelControllerClientOperationHandler.java:208) at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.access$300(ModelControllerClientOperationHandler.java:130) at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:152) at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:148) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:422) at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:149) at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1.execute(ModelControllerClientOperationHandler.java:148) at org.jboss.as.protocol.mgmt.AbstractMessageHandler$ManagementRequestContextImpl$1.doExecute(AbstractMessageHandler.java:363) at org.jboss.as.protocol.mgmt.AbstractMessageHandler$AsyncTaskRunner.run(AbstractMessageHandler.java:472) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:748) at org.jboss.threads.JBossThread.run(JBossThread.java:320) {noformat}