[infinispan-issues] [JBoss JIRA] (ISPN-6261) CLI fails on secured caches

Vojtech Juranek (JIRA) issues at jboss.org
Wed Feb 24 18:09:00 EST 2016 

Vojtech Juranek created ISPN-6261:
-------------------------------------

             Summary: CLI fails on secured caches
                 Key: ISPN-6261
                 URL: https://issues.jboss.org/browse/ISPN-6261
             Project: Infinispan
          Issue Type: Bug
          Components: CLI, Security
            Reporter: Vojtech Juranek
            Assignee: Vojtech Juranek


When running CLI on secured caches, it fails with exception bellow. This exception is quite confusing, as user has properly defined ADMIN permission on given cache. What is actually happening is that some operation, like statistics, called by CLI, iterates over all defined caches, including internal caches, and user hasn't required permission on all these caches (in this case on internal script cache)

{noformat}
00:04:23,563 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0013: Operation ("read-attribute") failed - address: ([
    ("subsystem" => "datagrid-infinispan"),
    ("cache-container" => "local")
]): java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'Subject with principal(s): [user at ManagementRealm, admin at ManagementRealm, admin, org.jboss.remoting3.security.UserPrincipal at 36ebcb, InetAddressPrincipal <127.0.0.1/127.0.0.1>, InetAddressPrincipal <127.0.0.1/127.0.0.1>]' lacks 'ADMIN' permission
        at org.infinispan.security.impl.AuthorizationHelper.checkPermission(AuthorizationHelper.java:86)
        at org.infinispan.security.impl.AuthorizationManagerImpl.checkPermission(AuthorizationManagerImpl.java:37)
        at org.infinispan.security.impl.SecureCacheImpl.getStats(SecureCacheImpl.java:567)
        at org.infinispan.stats.impl.CacheContainerStatsImpl.calculateAverageRemoveTime(CacheContainerStatsImpl.java:131)
        at org.infinispan.stats.impl.CacheContainerStatsImpl.getAverageRemoveTime(CacheContainerStatsImpl.java:121)
        at org.jboss.as.clustering.infinispan.subsystem.CacheContainerMetricsHandler.executeRuntimeStep(CacheContainerMetricsHandler.java:196)
        at org.jboss.as.controller.AbstractRuntimeOnlyHandler$1.execute(AbstractRuntimeOnlyHandler.java:53)                                                                                                      
{noformat}



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

More information about the infinispan-issues mailing list