[infinispan-issues] [JBoss JIRA] (ISPN-8059) HotRod keySet operation requires ADMIN permissions

Martin Gencur (JIRA) issues at jboss.org
Wed Jul 12 07:58:00 EDT 2017


Martin Gencur created ISPN-8059:
-----------------------------------

             Summary: HotRod keySet operation requires ADMIN permissions
                 Key: ISPN-8059
                 URL: https://issues.jboss.org/browse/ISPN-8059
             Project: Infinispan
          Issue Type: Bug
          Components: Security
    Affects Versions: 9.0.3.Final
            Reporter: Martin Gencur


Steps to reproduce:
1) Uncomment testKeySet in HotRodOperationsAuthzIT#testSupervisor
(note that the supervisor has the BULK_READ permission defined in the configuration)
2) Run the test in the server test suite

This bug seems to be resolved in the current master branch (9.1.0-SNAPSHOT), as I wasn't able to reproduce it there.

Stacktrace:
{code}
testSupervisor(org.infinispan.server.test.client.hotrod.security.HotRodOperationsAuthzIT)  Time elapsed: 0.216 sec  <<< ERROR!
org.infinispan.client.hotrod.exceptions.HotRodClientException: java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'Subject with principal(s): [SimpleUserPrincipal [name=supervisor], InetAddressPrincipal [address=127.0.0.1/127.0.0.1], supervisor at ApplicationRealm, supervisor at ApplicationRealm, supervisor]' lacks 'ADMIN' permission
	at org.infinispan.client.hotrod.impl.protocol.Codec20.checkForErrorsInResponseStatus(Codec20.java:363)
	at org.infinispan.client.hotrod.impl.protocol.Codec20.readPartialHeader(Codec20.java:152)
	at org.infinispan.client.hotrod.impl.protocol.Codec20.readHeader(Codec20.java:138)
	at org.infinispan.client.hotrod.impl.operations.HotRodOperation.readHeaderAndValidate(HotRodOperation.java:60)
	at org.infinispan.client.hotrod.impl.operations.BulkGetKeysOperation.executeOperation(BulkGetKeysOperation.java:39)
	at org.infinispan.client.hotrod.impl.operations.BulkGetKeysOperation.executeOperation(BulkGetKeysOperation.java:20)
	at org.infinispan.client.hotrod.impl.operations.RetryOnFailureOperation.execute(RetryOnFailureOperation.java:56)
	at org.infinispan.client.hotrod.impl.RemoteCacheImpl.keySet(RemoteCacheImpl.java:529)
	at org.infinispan.server.test.client.hotrod.security.HotRodAuthzOperationTests.testKeySet(HotRodAuthzOperationTests.java:113)
	at org.infinispan.server.test.client.hotrod.security.HotRodOperationsAuthzIT.testSupervisor(HotRodOperationsAuthzIT.java:111)

{code}


