Katia Aresti updated ISPN-12765:
--------------------------------
Status: Open (was: New)
REST API does not correctly handle authz for ADMIN in XSite, Query
and Backups
------------------------------------------------------------------------------
Key: ISPN-12765
URL: https://issues.redhat.com/browse/ISPN-12765
Project: Infinispan
Issue Type: Bug
Components: REST
Affects Versions: 12.0.1.Final
Reporter: Katia Aresti
Assignee: Tristan Tarrant
Priority: Blocker
Fix For: 12.1.0.Final
When the REST API performs operations on XSite, Query and Backups that can only be done
by ADMIN users, the admin user subject is not correctly handled and is detected as null, so
REST endpoints respond with "Subject null lacks ADMIN permission".
Some uses like *xsiteAdmin.checkSite(site)* can't be used from the REST API without a
wrapper that will check the subject in the request.