[JBoss JIRA] (ISPN-8059) HotRod keySet operation requires ADMIN permissions

Wednesday, 12 July 2017

     [
https://issues.jboss.org/browse/ISPN-8059?page=com.atlassian.jira.plugin....
]

Martin Gencur updated ISPN-8059:
--------------------------------
    Description: 
Steps to reproduce:
1) uncomment testKeySet in HotRodOperationsAuthzIT#testSupervisor
(note that the supervisor has BULK_READ permission defined in configuration)
2) run the test in the server test suite

This bug seems to be resolved in current master branch (9.1.0-SNAPSHOT - commit 5c5ff99)
as I wasn't able to reproduce it there.

Stacktrace:
{code}
testSupervisor(org.infinispan.server.test.client.hotrod.security.HotRodOperationsAuthzIT) 
Time elapsed: 0.216 sec  <<< ERROR!
org.infinispan.client.hotrod.exceptions.HotRodClientException:
java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'Subject with
principal(s): [SimpleUserPrincipal [name=supervisor], InetAddressPrincipal
[address=127.0.0.1/127.0.0.1], supervisor@ApplicationRealm, supervisor@ApplicationRealm,
supervisor]' lacks 'ADMIN' permission
	at
org.infinispan.client.hotrod.impl.protocol.Codec20.checkForErrorsInResponseStatus(Codec20.java:363)
	at
org.infinispan.client.hotrod.impl.protocol.Codec20.readPartialHeader(Codec20.java:152)
	at org.infinispan.client.hotrod.impl.protocol.Codec20.readHeader(Codec20.java:138)
	at
org.infinispan.client.hotrod.impl.operations.HotRodOperation.readHeaderAndValidate(HotRodOperation.java:60)
	at
org.infinispan.client.hotrod.impl.operations.BulkGetKeysOperation.executeOperation(BulkGetKeysOperation.java:39)
	at
org.infinispan.client.hotrod.impl.operations.BulkGetKeysOperation.executeOperation(BulkGetKeysOperation.java:20)
	at
org.infinispan.client.hotrod.impl.operations.RetryOnFailureOperation.execute(RetryOnFailureOperation.java:56)
	at org.infinispan.client.hotrod.impl.RemoteCacheImpl.keySet(RemoteCacheImpl.java:529)
	at
org.infinispan.server.test.client.hotrod.security.HotRodAuthzOperationTests.testKeySet(HotRodAuthzOperationTests.java:113)
	at
org.infinispan.server.test.client.hotrod.security.HotRodOperationsAuthzIT.testSupervisor(HotRodOperationsAuthzIT.java:111)

{code}

  was:
Steps to reproduce:
1) uncomment testKeySet in HotRodOperationsAuthzIT#testSupervisor
(note that the supervisor has BULK_READ permission defined in configuration)
2) run the test in the server test suite

This bug seems to be resolved in current master branch (9.1.0-SNAPSHOT) as I wasn't
able to reproduce it there.

Stacktrace:
{code}
testSupervisor(org.infinispan.server.test.client.hotrod.security.HotRodOperationsAuthzIT) 
Time elapsed: 0.216 sec  <<< ERROR!
org.infinispan.client.hotrod.exceptions.HotRodClientException:
java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'Subject with
principal(s): [SimpleUserPrincipal [name=supervisor], InetAddressPrincipal
[address=127.0.0.1/127.0.0.1], supervisor@ApplicationRealm, supervisor@ApplicationRealm,
supervisor]' lacks 'ADMIN' permission
	at
org.infinispan.client.hotrod.impl.protocol.Codec20.checkForErrorsInResponseStatus(Codec20.java:363)
	at
org.infinispan.client.hotrod.impl.protocol.Codec20.readPartialHeader(Codec20.java:152)
	at org.infinispan.client.hotrod.impl.protocol.Codec20.readHeader(Codec20.java:138)
	at
org.infinispan.client.hotrod.impl.operations.HotRodOperation.readHeaderAndValidate(HotRodOperation.java:60)
	at
org.infinispan.client.hotrod.impl.operations.BulkGetKeysOperation.executeOperation(BulkGetKeysOperation.java:39)
	at
org.infinispan.client.hotrod.impl.operations.BulkGetKeysOperation.executeOperation(BulkGetKeysOperation.java:20)
	at
org.infinispan.client.hotrod.impl.operations.RetryOnFailureOperation.execute(RetryOnFailureOperation.java:56)
	at org.infinispan.client.hotrod.impl.RemoteCacheImpl.keySet(RemoteCacheImpl.java:529)
	at
org.infinispan.server.test.client.hotrod.security.HotRodAuthzOperationTests.testKeySet(HotRodAuthzOperationTests.java:113)
	at
org.infinispan.server.test.client.hotrod.security.HotRodOperationsAuthzIT.testSupervisor(HotRodOperationsAuthzIT.java:111)

{code}

...
 HotRod keySet operation requires ADMIN permissions
 --------------------------------------------------

                 Key: ISPN-8059
                 URL: https://issues.jboss.org/browse/ISPN-8059
             Project: Infinispan
          Issue Type: Bug
          Components: Security
    Affects Versions: 9.0.3.Final
            Reporter: Martin Gencur

 Steps to reproduce:
 1) uncomment testKeySet in HotRodOperationsAuthzIT#testSupervisor
 (note that the supervisor has BULK_READ permission defined in configuration)
 2) run the test in the server test suite
 This bug seems to be resolved in current master branch (9.1.0-SNAPSHOT - commit 5c5ff99)
as I wasn't able to reproduce it there.
 Stacktrace:
 {code}
 testSupervisor(org.infinispan.server.test.client.hotrod.security.HotRodOperationsAuthzIT)
 Time elapsed: 0.216 sec  <<< ERROR!
 org.infinispan.client.hotrod.exceptions.HotRodClientException:
java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'Subject with
principal(s): [SimpleUserPrincipal [name=supervisor], InetAddressPrincipal
[address=127.0.0.1/127.0.0.1], supervisor@ApplicationRealm, supervisor@ApplicationRealm,
supervisor]' lacks 'ADMIN' permission
 	at
org.infinispan.client.hotrod.impl.protocol.Codec20.checkForErrorsInResponseStatus(Codec20.java:363)
 	at
org.infinispan.client.hotrod.impl.protocol.Codec20.readPartialHeader(Codec20.java:152)
 	at org.infinispan.client.hotrod.impl.protocol.Codec20.readHeader(Codec20.java:138)
 	at
org.infinispan.client.hotrod.impl.operations.HotRodOperation.readHeaderAndValidate(HotRodOperation.java:60)
 	at
org.infinispan.client.hotrod.impl.operations.BulkGetKeysOperation.executeOperation(BulkGetKeysOperation.java:39)
 	at
org.infinispan.client.hotrod.impl.operations.BulkGetKeysOperation.executeOperation(BulkGetKeysOperation.java:20)
 	at
org.infinispan.client.hotrod.impl.operations.RetryOnFailureOperation.execute(RetryOnFailureOperation.java:56)
 	at org.infinispan.client.hotrod.impl.RemoteCacheImpl.keySet(RemoteCacheImpl.java:529)
 	at
org.infinispan.server.test.client.hotrod.security.HotRodAuthzOperationTests.testKeySet(HotRodAuthzOperationTests.java:113)
 	at
org.infinispan.server.test.client.hotrod.security.HotRodOperationsAuthzIT.testSupervisor(HotRodOperationsAuthzIT.java:111)
 {code} 

--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009