[infinispan-issues] [JBoss JIRA] (ISPN-11467) IteratorHandler cannot start in a secure cache

Dan Berindei (Jira) issues at jboss.org
Fri Mar 13 08:55:33 EDT 2020 

     [ https://issues.redhat.com/browse/ISPN-11467?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dan Berindei updated ISPN-11467:
--------------------------------
    Status: Open  (was: New)


> IteratorHandler cannot start in a secure cache
> ----------------------------------------------
>
>                 Key: ISPN-11467
>                 URL: https://issues.redhat.com/browse/ISPN-11467
>             Project: Infinispan
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 10.1.4.Final
>            Reporter: Dan Berindei
>            Assignee: Dan Berindei
>            Priority: Major
>              Labels: testsuite_stability
>             Fix For: 10.1.5.Final
>
>
> {{IteratorHandler.start()}} tries to add a listener on the cache manager, which fails when the cache manager has security enabled:
> {noformat}
> java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'null' lacks 'LISTEN' permission
> 	at org.infinispan.security.impl.AuthorizationHelper.checkPermission(AuthorizationHelper.java:100)
> 	at org.infinispan.security.impl.AuthorizationHelper.checkPermission(AuthorizationHelper.java:66)
> 	at org.infinispan.manager.DefaultCacheManager.addListenerAsync(DefaultCacheManager.java:846)
> 	at org.infinispan.notifications.Listenable.addListener(Listenable.java:27)
> 	at org.infinispan.stream.impl.IteratorHandler.start(IteratorHandler.java:82)
> 	at org.infinispan.stream.impl.CorePackageImpl$1.start(CorePackageImpl.java:33)
> 	at org.infinispan.stream.impl.CorePackageImpl$1.start(CorePackageImpl.java:27)
> 	at org.infinispan.factories.impl.BasicComponentRegistryImpl.invokeStart(BasicComponentRegistryImpl.java:587)
> 	at org.infinispan.factories.impl.BasicComponentRegistryImpl.doStartWrapper(BasicComponentRegistryImpl.java:578)
> 	at org.infinispan.factories.impl.BasicComponentRegistryImpl.startWrapper(BasicComponentRegistryImpl.java:547)
> 	at org.infinispan.factories.impl.BasicComponentRegistryImpl.access$700(BasicComponentRegistryImpl.java:30)
> 	at org.infinispan.factories.impl.BasicComponentRegistryImpl$ComponentWrapper.running(BasicComponentRegistryImpl.java:770)
> 	at org.infinispan.factories.impl.BasicComponentRegistryImpl.startDependencies(BasicComponentRegistryImpl.java:605)
> 	at org.infinispan.factories.impl.BasicComponentRegistryImpl.doStartWrapper(BasicComponentRegistryImpl.java:569)
> 	at org.infinispan.factories.impl.BasicComponentRegistryImpl.startWrapper(BasicComponentRegistryImpl.java:547)
> 	at org.infinispan.factories.impl.BasicComponentRegistryImpl.access$700(BasicComponentRegistryImpl.java:30)
> 	at org.infinispan.factories.impl.BasicComponentRegistryImpl$ComponentWrapper.running(BasicComponentRegistryImpl.java:770)
> 	at org.infinispan.factories.AbstractComponentRegistry.internalStart(AbstractComponentRegistry.java:341)
> 	at org.infinispan.factories.AbstractComponentRegistry.start(AbstractComponentRegistry.java:237)
> 	at org.infinispan.factories.ComponentRegistry.start(ComponentRegistry.java:209)
> 	at org.infinispan.cache.impl.CacheImpl.start(CacheImpl.java:1088)
> 	at org.infinispan.cache.impl.AbstractDelegatingCache.start(AbstractDelegatingCache.java:513)
> 	at org.infinispan.cache.impl.AbstractDelegatingCache.start(AbstractDelegatingCache.java:513)
> 	at org.infinispan.cache.impl.AbstractDelegatingCache.start(AbstractDelegatingCache.java:513)
> 	at org.infinispan.manager.DefaultCacheManager.wireAndStartCache(DefaultCacheManager.java:693)
> 	at org.infinispan.manager.DefaultCacheManager.createCache(DefaultCacheManager.java:632)
> 	at org.infinispan.manager.DefaultCacheManager.access$000(DefaultCacheManager.java:137)
> 	at org.infinispan.manager.DefaultCacheManager$1.run(DefaultCacheManager.java:554)
> {noformat}
> {{SecureRemoteCacheAdminTest}} is failing on branch 10.1.x because of this, after ISPN-11435 made {{DefaultCacheManager}} start all the caches automatically. The test uses {{Security.doPrivileged()}} to start the cache manager, but internally {{InfinispanDirectoryProvider.start()}} uses {{startCaches()}}, which spawns a new thread for each cache that needs to be started, without any privileges.



--
This message was sent by Atlassian Jira
(v7.13.8#713008)

More information about the infinispan-issues mailing list