Vladimir Blagojevic updated ISPN-7254:
--------------------------------------
Status: Pull Request Sent (was: Open)
Git Pull Request:
Administration console - accessing content without needed permissions
should display error message
-------------------------------------------------------------------------------------------------
Key: ISPN-7254
URL:
https://issues.jboss.org/browse/ISPN-7254
Project: Infinispan
Issue Type: Bug
Components: JMX, reporting and management
Affects Versions: 9.0.0.Alpha4
Reporter: Roman Macor
Assignee: Vladimir Blagojevic
Attachments: standalone-auth.xml
Create a user with the admin role, but without the ___script_manager and ___schema_manager roles.
Start the server with security enabled,
e.g. standalone with the attached configuration (but the issue is present in domain mode as
well):
bin/standalone.sh -c standalone-auth.xml
Click on cache container -> configuration.
Result: the console is stuck with a loading icon (it's still responding).
Server log shows:
ERROR [org.jboss.as.controller.management-operation] (External Management Request Threads
-- 9) WFLYCTL0013: Operation ("get-proto-schema-names") failed - address: ([
"subsystem",
"datagrid-infinispan",
"cache-container",
"local"
]) - failure description: "DGISPN0118: Failed to invoke operation: ISPN000287:
Unauthorized access: subject 'Subject with principal(s):
[org.jboss.as.core.security.SimplePrincipal@36ebcb, user@ManagementRealm,
admin@ManagementRealm, InetAddressPrincipal <127.0.0.1/127.0.0.1>]' lacks
'BULK_READ' permission"
Expected result: there should be an error message in the console informing the user that
he doesn't have the required permissions.
*Another issue*: The user has the admin role, so he should be able to access the configuration page;
he shouldn't be able to access scripts and schemes configuration because he lacks
___script_manager and ___schema_manager
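
The authorization failure above only reaches the server log, so until the console surfaces it, the log is where it has to be caught. The following is an added example, not part of the original report or of Infinispan's code: it rejoins the wrapped record and extracts the rejected operation, resource address, principals and missing permission. The function names are hypothetical, and it assumes each record starts with a log level, as in the excerpt.

```python
import re

# Log record copied from the report above, with its e-mail line wrapping kept.
SAMPLE_LOG = '''ERROR [org.jboss.as.controller.management-operation] (External Management Request Threads
-- 9) WFLYCTL0013: Operation ("get-proto-schema-names") failed - address: ([
"subsystem",
"datagrid-infinispan",
"cache-container",
"local"
]) - failure description: "DGISPN0118: Failed to invoke operation: ISPN000287:
Unauthorized access: subject 'Subject with principal(s):
[org.jboss.as.core.security.SimplePrincipal@36ebcb, user@ManagementRealm,
admin@ManagementRealm, InetAddressPrincipal <127.0.0.1/127.0.0.1>]' lacks
'BULK_READ' permission"
'''

# Assumption: a new record begins with a log level followed by "[category]".
RECORD_START = re.compile(r"^(ERROR|WARN|INFO|DEBUG|TRACE)\s+\[")
DENIED = re.compile(
    r'WFLYCTL0013: Operation \("(?P<op>[^"]+)"\) failed - address: \(\[(?P<addr>.*?)\]\)'
    r".*?ISPN000287: Unauthorized access: subject 'Subject with principal\(s\):\s*"
    r"\[(?P<principals>.*?)\]' lacks '(?P<perm>[A-Z_]+)' permission"
)

def records(text):
    """Rejoin wrapped lines so each log record becomes one string."""
    current = []
    for line in text.splitlines():
        if RECORD_START.match(line) and current:
            yield " ".join(current)
            current = []
        if line.strip():
            current.append(line.strip())
    if current:
        yield " ".join(current)

def denied_operations(text):
    """Return one dict per management operation rejected with ISPN000287."""
    found = []
    for record in records(text):
        m = DENIED.search(record)
        if m:
            found.append({
                "operation": m.group("op"),
                "address": re.findall(r'"([^"]+)"', m.group("addr")),
                "principals": [p.strip() for p in m.group("principals").split(",")],
                "missing_permission": m.group("perm"),
            })
    return found
```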