[infinispan-issues] [JBoss JIRA] (ISPN-8059) HotRod keySet operation requires ADMIN permissions

Tristan Tarrant (Jira) issues at jboss.org
Mon Jul 20 08:38:02 EDT 2020


     [ https://issues.redhat.com/browse/ISPN-8059?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tristan Tarrant closed ISPN-8059.
---------------------------------
    Resolution: Out of Date


> HotRod keySet operation requires ADMIN permissions
> --------------------------------------------------
>
>                 Key: ISPN-8059
>                 URL: https://issues.redhat.com/browse/ISPN-8059
>             Project: Infinispan
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 9.0.3.Final
>            Reporter: Martin Gencur
>            Priority: Major
>
> Steps to reproduce:
> 1) uncomment testKeySet in HotRodOperationsAuthzIT#testSupervisor
> (note that the supervisor has BULK_READ permission defined in configuration)
> 2) run the test in the server test suite
> This bug seems to be resolved in current master branch (9.1.0-SNAPSHOT - commit 5c5ff99) as I wasn't able to reproduce it there.
> Stacktrace:
> {code}
> testSupervisor(org.infinispan.server.test.client.hotrod.security.HotRodOperationsAuthzIT)  Time elapsed: 0.216 sec  <<< ERROR!
> org.infinispan.client.hotrod.exceptions.HotRodClientException: java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'Subject with principal(s): [SimpleUserPrincipal [name=supervisor], InetAddressPrincipal [address=127.0.0.1/127.0.0.1], supervisor at ApplicationRealm, supervisor at ApplicationRealm, supervisor]' lacks 'ADMIN' permission
> 	at org.infinispan.client.hotrod.impl.protocol.Codec20.checkForErrorsInResponseStatus(Codec20.java:363)
> 	at org.infinispan.client.hotrod.impl.protocol.Codec20.readPartialHeader(Codec20.java:152)
> 	at org.infinispan.client.hotrod.impl.protocol.Codec20.readHeader(Codec20.java:138)
> 	at org.infinispan.client.hotrod.impl.operations.HotRodOperation.readHeaderAndValidate(HotRodOperation.java:60)
> 	at org.infinispan.client.hotrod.impl.operations.BulkGetKeysOperation.executeOperation(BulkGetKeysOperation.java:39)
> 	at org.infinispan.client.hotrod.impl.operations.BulkGetKeysOperation.executeOperation(BulkGetKeysOperation.java:20)
> 	at org.infinispan.client.hotrod.impl.operations.RetryOnFailureOperation.execute(RetryOnFailureOperation.java:56)
> 	at org.infinispan.client.hotrod.impl.RemoteCacheImpl.keySet(RemoteCacheImpl.java:529)
> 	at org.infinispan.server.test.client.hotrod.security.HotRodAuthzOperationTests.testKeySet(HotRodAuthzOperationTests.java:113)
> 	at org.infinispan.server.test.client.hotrod.security.HotRodOperationsAuthzIT.testSupervisor(HotRodOperationsAuthzIT.java:111)
> {code}



--
This message was sent by Atlassian Jira
(v7.13.8#713008)

