[infinispan-issues] [JBoss JIRA] (ISPN-9543) Unable to login in management console after securing cache container

Gustavo Lira (Jira) issues at jboss.org
Tue Oct 30 15:09:00 EDT 2018 

     [ https://issues.jboss.org/browse/ISPN-9543?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Gustavo Lira closed ISPN-9543.
------------------------------


> Unable to login in management console after securing cache container
> --------------------------------------------------------------------
>
>                 Key: ISPN-9543
>                 URL: https://issues.jboss.org/browse/ISPN-9543
>             Project: Infinispan
>          Issue Type: Bug
>          Components: JMX, reporting and management, Security, Server
>    Affects Versions: 9.4.0.CR3
>         Environment: JDG 7.2.2 continuously logs errors in server log and management console becomes unavailable.
>            Reporter: Tristan Tarrant
>            Assignee: Tristan Tarrant
>            Priority: Major
>             Fix For: 9.4.0.Final
>
>
> I configured cache container security in standalone.xml file :
> ~~~
>   <cache-container name="local" default-cache="default" statistics="true">
>                <security>
>            <authorization>
>              <identity-role-mapper />
>              <role name="admin" permissions="ALL"/>
>            </authorization>
>         </security>
> ~~~
> I created a management user "Saurabh" and assigned role "admin" to him- PFA attached mgmt-groups.properties.
> Below is the exception snippet :
> ~~~
> 2018-09-18 22:57:57,118 ERROR [org.jboss.as.controller.management-operation] (External Management Request Threads -- 4) WFLYCTL0013: Operation ("read-attribute") failed - address: ([
>     ("subsystem" => "datagrid-infinispan"),
>     ("cache-container" => "local")
> ]): java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'Subject with principal(s): [org.jboss.as.core.security.SimplePrincipal at 6f98bb1c, saurabh at ManagementRealm, admin at ManagementRealm, admin, InetAddressPrincipal <127.0.0.1/127.0.0.1>]' lacks 'ADMIN' permission
> 	at org.infinispan.security.impl.AuthorizationHelper.checkPermission(AuthorizationHelper.java:87)
> ~~~



--
This message was sent by Atlassian Jira
(v7.12.1#712002)

More information about the infinispan-issues mailing list