[infinispan-issues] [JBoss JIRA] (ISPN-8059) HotRod keySet operation requires ADMIN permissions

Martin Gencur (JIRA) issues at jboss.org
Wed Jul 12 07:59:00 EDT 2017


     [ https://issues.jboss.org/browse/ISPN-8059?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Martin Gencur updated ISPN-8059:
--------------------------------
    Description: 
Steps to reproduce:
1) uncomment testKeySet in HotRodOperationsAuthzIT#testSupervisor
(note that the supervisor has BULK_READ permission defined in configuration)
2) run the test in the server test suite

This bug seems to be resolved in current master branch (9.1.0-SNAPSHOT - commit 5c5ff99) as I wasn't able to reproduce it there.

Stacktrace:
{code}
testSupervisor(org.infinispan.server.test.client.hotrod.security.HotRodOperationsAuthzIT)  Time elapsed: 0.216 sec  <<< ERROR!
org.infinispan.client.hotrod.exceptions.HotRodClientException: java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'Subject with principal(s): [SimpleUserPrincipal [name=supervisor], InetAddressPrincipal [address=127.0.0.1/127.0.0.1], supervisor at ApplicationRealm, supervisor at ApplicationRealm, supervisor]' lacks 'ADMIN' permission
	at org.infinispan.client.hotrod.impl.protocol.Codec20.checkForErrorsInResponseStatus(Codec20.java:363)
	at org.infinispan.client.hotrod.impl.protocol.Codec20.readPartialHeader(Codec20.java:152)
	at org.infinispan.client.hotrod.impl.protocol.Codec20.readHeader(Codec20.java:138)
	at org.infinispan.client.hotrod.impl.operations.HotRodOperation.readHeaderAndValidate(HotRodOperation.java:60)
	at org.infinispan.client.hotrod.impl.operations.BulkGetKeysOperation.executeOperation(BulkGetKeysOperation.java:39)
	at org.infinispan.client.hotrod.impl.operations.BulkGetKeysOperation.executeOperation(BulkGetKeysOperation.java:20)
	at org.infinispan.client.hotrod.impl.operations.RetryOnFailureOperation.execute(RetryOnFailureOperation.java:56)
	at org.infinispan.client.hotrod.impl.RemoteCacheImpl.keySet(RemoteCacheImpl.java:529)
	at org.infinispan.server.test.client.hotrod.security.HotRodAuthzOperationTests.testKeySet(HotRodAuthzOperationTests.java:113)
	at org.infinispan.server.test.client.hotrod.security.HotRodOperationsAuthzIT.testSupervisor(HotRodOperationsAuthzIT.java:111)

{code}

  was:
Steps to reproduce:
1) uncomment testKeySet in HotRodOperationsAuthzIT#testSupervisor
(note that the supervisor has BULK_READ permission defined in configuration)
2) run the test in the server test suite

This bug seems to be resolved in current master branch (9.1.0-SNAPSHOT) as I wasn't able to reproduce it there.

Stacktrace:
{code}
testSupervisor(org.infinispan.server.test.client.hotrod.security.HotRodOperationsAuthzIT)  Time elapsed: 0.216 sec  <<< ERROR!
org.infinispan.client.hotrod.exceptions.HotRodClientException: java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'Subject with principal(s): [SimpleUserPrincipal [name=supervisor], InetAddressPrincipal [address=127.0.0.1/127.0.0.1], supervisor at ApplicationRealm, supervisor at ApplicationRealm, supervisor]' lacks 'ADMIN' permission
	at org.infinispan.client.hotrod.impl.protocol.Codec20.checkForErrorsInResponseStatus(Codec20.java:363)
	at org.infinispan.client.hotrod.impl.protocol.Codec20.readPartialHeader(Codec20.java:152)
	at org.infinispan.client.hotrod.impl.protocol.Codec20.readHeader(Codec20.java:138)
	at org.infinispan.client.hotrod.impl.operations.HotRodOperation.readHeaderAndValidate(HotRodOperation.java:60)
	at org.infinispan.client.hotrod.impl.operations.BulkGetKeysOperation.executeOperation(BulkGetKeysOperation.java:39)
	at org.infinispan.client.hotrod.impl.operations.BulkGetKeysOperation.executeOperation(BulkGetKeysOperation.java:20)
	at org.infinispan.client.hotrod.impl.operations.RetryOnFailureOperation.execute(RetryOnFailureOperation.java:56)
	at org.infinispan.client.hotrod.impl.RemoteCacheImpl.keySet(RemoteCacheImpl.java:529)
	at org.infinispan.server.test.client.hotrod.security.HotRodAuthzOperationTests.testKeySet(HotRodAuthzOperationTests.java:113)
	at org.infinispan.server.test.client.hotrod.security.HotRodOperationsAuthzIT.testSupervisor(HotRodOperationsAuthzIT.java:111)

{code}



> HotRod keySet operation requires ADMIN permissions
> --------------------------------------------------
>
>                 Key: ISPN-8059
>                 URL: https://issues.jboss.org/browse/ISPN-8059
>             Project: Infinispan
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 9.0.3.Final
>            Reporter: Martin Gencur
>
> Steps to reproduce:
> 1) uncomment testKeySet in HotRodOperationsAuthzIT#testSupervisor
> (note that the supervisor has BULK_READ permission defined in configuration)
> 2) run the test in the server test suite
> This bug seems to be resolved in current master branch (9.1.0-SNAPSHOT - commit 5c5ff99) as I wasn't able to reproduce it there.
> Stacktrace:
> {code}
> testSupervisor(org.infinispan.server.test.client.hotrod.security.HotRodOperationsAuthzIT)  Time elapsed: 0.216 sec  <<< ERROR!
> org.infinispan.client.hotrod.exceptions.HotRodClientException: java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'Subject with principal(s): [SimpleUserPrincipal [name=supervisor], InetAddressPrincipal [address=127.0.0.1/127.0.0.1], supervisor at ApplicationRealm, supervisor at ApplicationRealm, supervisor]' lacks 'ADMIN' permission
> 	at org.infinispan.client.hotrod.impl.protocol.Codec20.checkForErrorsInResponseStatus(Codec20.java:363)
> 	at org.infinispan.client.hotrod.impl.protocol.Codec20.readPartialHeader(Codec20.java:152)
> 	at org.infinispan.client.hotrod.impl.protocol.Codec20.readHeader(Codec20.java:138)
> 	at org.infinispan.client.hotrod.impl.operations.HotRodOperation.readHeaderAndValidate(HotRodOperation.java:60)
> 	at org.infinispan.client.hotrod.impl.operations.BulkGetKeysOperation.executeOperation(BulkGetKeysOperation.java:39)
> 	at org.infinispan.client.hotrod.impl.operations.BulkGetKeysOperation.executeOperation(BulkGetKeysOperation.java:20)
> 	at org.infinispan.client.hotrod.impl.operations.RetryOnFailureOperation.execute(RetryOnFailureOperation.java:56)
> 	at org.infinispan.client.hotrod.impl.RemoteCacheImpl.keySet(RemoteCacheImpl.java:529)
> 	at org.infinispan.server.test.client.hotrod.security.HotRodAuthzOperationTests.testKeySet(HotRodAuthzOperationTests.java:113)
> 	at org.infinispan.server.test.client.hotrod.security.HotRodOperationsAuthzIT.testSupervisor(HotRodOperationsAuthzIT.java:111)
> {code}



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

