[ https://issues.redhat.com/browse/ISPN-12765?page=com.atlassian.jira.plugi... ]
Katia Aresti updated ISPN-12765:
--------------------------------
Description:
When the REST API performs operations on XSite, Query and Backups that can only be done
for ADMIN users, the admin user subject is not correctly handled and is detected as null, so
REST endpoints respond with "Subject null lacks ADMIN permission".
Some uses like *xsiteAdmin.checkSite(site)* can't be used from the REST API without a
wrapper that will check the subject in the request.
was:
When the REST API performs operations on XSite, Query and Backups that can only be done
for ADMIN users, the admin user subject is not correctly handled and is detected as null, so
REST endpoints respond with "Subject null lacks ADMIN permission".
Some uses like ```xsiteAdmin.checkSite(site)``` can't be used from the REST API
without a wrapper that will check the subject in the request.

REST API does not correctly handle authz for ADMIN in XSite, Query and Backups
------------------------------------------------------------------------------
Key: ISPN-12765
URL: https://issues.redhat.com/browse/ISPN-12765
Project: Infinispan
Issue Type: Bug
Components: REST
Affects Versions: 12.0.1.Final
Reporter: Katia Aresti
Priority: Blocker