[infinispan-issues] [JBoss JIRA] (ISPN-12113) HTTP authentication with only Digest SHA mechanisms fails
Tristan Tarrant (Jira)
issues at jboss.org
Tue Jul 14 03:25:01 EDT 2020
[ https://issues.redhat.com/browse/ISPN-12113?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tristan Tarrant updated ISPN-12113:
-----------------------------------
Security: (was: Red Hat Internal)
> HTTP authentication with only Digest SHA mechanisms fails
> ---------------------------------------------------------
>
> Key: ISPN-12113
> URL: https://issues.redhat.com/browse/ISPN-12113
> Project: Infinispan
> Issue Type: Bug
> Reporter: Francisco De Melo Junior
> Assignee: Francisco De Melo Junior
> Priority: Minor
> Labels: authentication, encryption, rest
> Fix For: 12.0.0.Final
>
>
> Request: Make Rest protocol to work with cache authentication/encryption.
> Description:
> The REST protocol is not supported for use with cache authentication/authorization will result in a SecurityException and this happens also when using CLI.
> According to Red Hat Data Grid 7 Server Guide (and following solution https://access.redhat.com/solutions/2947551)
> Test:
> The below configuration is expected to fail because one cannot use cache-container authentication <and> REST protocol.
> {code:xml}
> <cache-container name="clustered" default-cache="sessionCache" statistics="true">
> <transport stack="tcp-stack" site="z9" cluster="clustered" node-name="rhdgserver" />
> <security>
> <authorization>
> <identity-role-mapper />
> <role name="admin" permissions="ALL" />
> <role name="reader" permissions="READ" />
> <role name="writer" permissions="WRITE" />
> </authorization>
> </security>
> <metrics gauges="true" histograms="true" />
> </cache-container>
> (...)
> <endpoints socket-binding="default" security-realm="default">
> <hotrod-connector name="hotrod">
> <authentication>
> <sasl server-name="rhdgserver" mechanisms="DIGEST-SHA-256" qop="auth" />
> </authentication>
> </hotrod-connector>
> <rest-connector name="rest">
> <authentication mechanisms="DIGEST-SHA-256"/>
> </rest-connector>
> </endpoints>
> {code}
> Workaround:
> Testing with one, or the other, works. As in:
> {noformat}
> #curl -u admin:admin http://localhost:11222/rest/v2/caches/test1
> {"stats":{"hits":0,"current_number_of_entries_in_memory":0,"time_since_start":32,"time_since_reset":32,"current_number_of_entries":0,"total_number_of_entries":0,"off_heap_memory_used":0,"data_memory_used":0,"remove_hits":0,"remove_misses":0,"evictions":0,"average_read_time":0,"average_read_time_nanos":0,"average_write_time":0,"average_write_time_nanos":0,"average_remove_time":0,"average_remove_time_nanos":0,"required_minimum_number_of_nodes":1,"retrievals":0,"stores":0,"misses":0},"size":0,"configuration":{"distributed-cache":{"mode":"SYNC","remote-timeout":17500,"state-transfer":{"timeout":60000},"transaction":{"mode":"NONE"},"memory":{"object":{}},"locking":{"concurrency-level":1000,"acquire-timeout":15000,"striping":false},"statistics":true}},"rehash_in_progress":false,"bounded":false,"indexed":false,"persistent":false,"transactional":false,"secured":false,"has_remote_backup":false,"indexing_in_progress":false,"statistics":true}
> {noformat}
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the infinispan-issues
mailing list