6:59 a.m.
[
https://issues.jboss.org/browse/ISPN-10722?page=com.atlassian.jira.plugin...
]
Dan Berindei commented on ISPN-10722:
-------------------------------------
Trying to reproduce JDG-3214 I got another exception: when I tried to add security to the
cache, it told me I should first enable it for the cache container, and I did so, but
apparently it did not restart the cache container.
I went back to the cache and I enabled security, and the cache got restarted with security
enabled causing this exception in the log (and part of it in a mgmt console popup):
{noformat}
14:45:11,812 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-5) MSC000001: Failed
to start service jboss.datagrid-infinispan.local.namedCache.config:
org.jboss.msc.service.StartException in service
jboss.datagrid-infinispan.local.namedCache.config: Failed to start service
at
org.jboss.msc@1.4.3.Final//org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1728)
at
org.jboss.msc@1.4.3.Final//org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1556)
at
org.jboss.threads@2.3.2.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at
org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
at
org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
at
org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: org.infinispan.commons.CacheConfigurationException: ISPN000414: Global security
authorization should be enabled if cache authorization enabled.
at
org.infinispan.core:ispn-9.4@9.4.16-SNAPSHOT//org.infinispan.configuration.cache.AuthorizationConfigurationBuilder.validate(AuthorizationConfigurationBuilder.java:60)
at
org.infinispan.core:ispn-9.4@9.4.16-SNAPSHOT//org.infinispan.configuration.cache.SecurityConfigurationBuilder.validate(SecurityConfigurationBuilder.java:26)
at
org.infinispan.core:ispn-9.4@9.4.16-SNAPSHOT//org.infinispan.configuration.cache.ConfigurationBuilder.validate(ConfigurationBuilder.java:271)
at
org.infinispan.core:ispn-9.4@9.4.16-SNAPSHOT//org.infinispan.configuration.cache.ConfigurationBuilder.build(ConfigurationBuilder.java:286)
at
org.infinispan.core:ispn-9.4@9.4.16-SNAPSHOT//org.infinispan.configuration.ConfigurationManager.putConfiguration(ConfigurationManager.java:97)
at
org.infinispan.core:ispn-9.4@9.4.16-SNAPSHOT//org.infinispan.manager.DefaultCacheManager.doDefineConfiguration(DefaultCacheManager.java:399)
at
org.infinispan.core:ispn-9.4@9.4.16-SNAPSHOT//org.infinispan.manager.DefaultCacheManager.defineConfiguration(DefaultCacheManager.java:358)
at
org.infinispan.extension:ispn-9.4@9.4.16-SNAPSHOT//org.jboss.as.clustering.infinispan.DefaultCacheContainer.defineConfiguration(DefaultCacheContainer.java:67)
at
org.infinispan.extension:ispn-9.4@9.4.16-SNAPSHOT//org.jboss.as.clustering.infinispan.subsystem.SecurityActions.lambda$defineContainerConfiguration$2(SecurityActions.java:117)
at
org.infinispan.core:ispn-9.4@9.4.16-SNAPSHOT//org.infinispan.security.Security.doPrivileged(Security.java:46)
at
org.infinispan.extension:ispn-9.4@9.4.16-SNAPSHOT//org.jboss.as.clustering.infinispan.subsystem.SecurityActions.doPrivileged(SecurityActions.java:76)
at
org.infinispan.extension:ispn-9.4@9.4.16-SNAPSHOT//org.jboss.as.clustering.infinispan.subsystem.SecurityActions.defineContainerConfiguration(SecurityActions.java:120)
at
org.infinispan.extension:ispn-9.4@9.4.16-SNAPSHOT//org.jboss.as.clustering.infinispan.subsystem.AbstractCacheConfigurationService.start(AbstractCacheConfigurationService.java:76)
at
org.jboss.msc@1.4.3.Final//org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1736)
at
org.jboss.msc@1.4.3.Final//org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1698)
... 6 more
{noformat}
There's another twist: after I restarted the server I enabled security on the cache
again, and this time I got a warning in the console that the change will only be applied
after I restart the server
Mgmt console: home page load fails in case secured cache container
------------------------------------------------------------------
Key: ISPN-10722
URL: https://issues.jboss.org/browse/ISPN-10722
Project: Infinispan
Issue Type: Bug
Components: Console, JMX, reporting and management
Affects Versions: 9.4.16.Final, 10.0.0.CR2
Reporter: Dan Berindei
Assignee: Dan Berindei
Priority: Major
The following exception appears in server logs and hanging screen is visible in browser
when mgmt console home page is accessed, in case when the server is started with secured
cache-container.
{noformat}
12:53:09,199 ERROR [org.jboss.as.controller.management-operation] (External Management
Request Threads -- 2) WFLYCTL0013: Operation ("read-attribute") failed -
address: ([
("subsystem" => "datagrid-infinispan"),
("cache-container" => "local")
]): java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'null'
lacks 'ADMIN' permission
at
org.infinispan.core:ispn-9.4@9.4.16.Final//org.infinispan.security.impl.AuthorizationHelper.checkPermission(AuthorizationHelper.java:87)
at
org.infinispan.core:ispn-9.4@9.4.16.Final//org.infinispan.security.impl.AuthorizationHelper.checkPermission(AuthorizationHelper.java:57)
at
org.infinispan.core:ispn-9.4@9.4.16.Final//org.infinispan.manager.DefaultCacheManager.getDefaultCacheConfiguration(DefaultCacheManager.java:847)
at
org.infinispan.core:ispn-9.4@9.4.16.Final//org.infinispan.xsite.GlobalXSiteAdminOperations.collectXSiteAdminOperation(GlobalXSiteAdminOperations.java:135)
at
org.infinispan.core:ispn-9.4@9.4.16.Final//org.infinispan.xsite.GlobalXSiteAdminOperations.globalStatus(GlobalXSiteAdminOperations.java:86)
at
org.infinispan.extension:ispn-9.4@9.4.16.Final//org.jboss.as.clustering.infinispan.subsystem.CacheContainerMetricsHandler.filterSitesByStatus(CacheContainerMetricsHandler.java:342)
at
org.infinispan.extension:ispn-9.4@9.4.16.Final//org.jboss.as.clustering.infinispan.subsystem.CacheContainerMetricsHandler.executeRuntimeStep(CacheContainerMetricsHandler.java:296)
{noformat}
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
2382
days inactive
2382
days old
infinispan-issues@lists.jboss.org
0 comments
1 participants
participants (1)
-
Dan Berindei (Jira)