[infinispan-issues] [JBoss JIRA] (ISPN-8063) HealthCheck does't work with Secured Caches

Sebastian Łaskawiec (JIRA) issues at jboss.org
Thu Jul 13 03:40:00 EDT 2017 

Sebastian Łaskawiec created ISPN-8063:
-----------------------------------------

             Summary: HealthCheck does't work with Secured Caches
                 Key: ISPN-8063
                 URL: https://issues.jboss.org/browse/ISPN-8063
             Project: Infinispan
          Issue Type: Bug
          Components: Core, Server
    Affects Versions: 9.1.0.CR1
            Reporter: Sebastian Łaskawiec
            Assignee: Sebastian Łaskawiec


Configuration snippet: 
{code}
clustered.xml

<security>
    <authorization>
        <identity-role-mapper />
        <role name="ADMIN" permissions="ALL ADMIN"/>
    </authorization>
</security>
<distributed-cache name="default" mode="SYNC"          >
    <security>
        <authorization enabled="true" roles="ADMIN"/>
    </security>
</distributed-cache>

application-roles.properties

admin=REST,admin,ADMIN
{code}

CLI call:
{code}
/subsystem=datagrid-infinispan/cache-container=clustered/health=HEALTH:read-resource(include-runtime=true)
{code}

Exception reported:
{noformat}
08:12:26,128 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 2) WFLYCTL0013: Operation ("read-attribute") failed - address: ([
    ("subsystem" => "datagrid-infinispan"),
    ("cache-container" => "clustered"),
    ("health" => "HEALTH")
]): java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'Subject with principal(s): [$local at ManagementRealm, org.jboss.remoting3.security.UserPrincipal at 439455c7, InetAddressPrincipal <127.0.0.1/127.0.0.1>, InetAddressPrincipal <127.0.0.1/127.0.0.1>]' lacks 'ADMIN' permission
	at org.infinispan.security.impl.AuthorizationHelper.checkPermission(AuthorizationHelper.java:87)
	at org.infinispan.security.impl.AuthorizationManagerImpl.checkPermission(AuthorizationManagerImpl.java:49)
	at org.infinispan.security.impl.SecureCacheImpl.getDistributionManager(SecureCacheImpl.java:409)
	at org.infinispan.health.impl.CacheHealthImpl.getStatus(CacheHealthImpl.java:28)
	at org.infinispan.health.impl.ClusterHealthImpl.lambda$getHealthStatus$2(ClusterHealthImpl.java:26)
	at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193)
	at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193)
	at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193)
	at java.util.Iterator.forEachRemaining(Iterator.java:116)
	at java.util.Spliterators$IteratorSpliterator.forEachRemaining(Spliterators.java:1801)
	at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)
	at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
	at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708)
	at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
	at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:499)
	at org.infinispan.health.impl.ClusterHealthImpl.getHealthStatus(ClusterHealthImpl.java:27)
	at org.jboss.as.clustering.infinispan.subsystem.HealthMetricsHandler.executeRuntimeStep(HealthMetricsHandler.java:144)
	at org.jboss.as.controller.AbstractRuntimeOnlyHandler$1.execute(AbstractRuntimeOnlyHandler.java:53)
	at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:890)
	at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:659)
	at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:370)
	at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1329)
	at org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:400)
	at org.jboss.as.controller.ModelControllerImpl.execute(ModelControllerImpl.java:222)
	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.doExecute(ModelControllerClientOperationHandler.java:208)
	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.access$300(ModelControllerClientOperationHandler.java:130)
	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:152)
	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:148)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.Subject.doAs(Subject.java:422)
	at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:149)
	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1.execute(ModelControllerClientOperationHandler.java:148)
	at org.jboss.as.protocol.mgmt.AbstractMessageHandler$ManagementRequestContextImpl$1.doExecute(AbstractMessageHandler.java:363)
	at org.jboss.as.protocol.mgmt.AbstractMessageHandler$AsyncTaskRunner.run(AbstractMessageHandler.java:472)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:748)
	at org.jboss.threads.JBossThread.run(JBossThread.java:320)
{noformat}



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the infinispan-issues mailing list