Loading...

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 13.0.12.Final, 14.0.1.Final
Affects Version/s: 13.0.10.Final
Component/s: Tasks
Labels:
None

Steps to Reproduce:

Hide

Reproducer can be found here -> https://github.com/wfink/infinispan.playground.server

Show
Reproducer can be found here -> https://github.com/wfink/infinispan.playground.server
Git Pull Request:
https://github.com/infinispan/infinispan/pull/10317, https://github.com/infinispan/infinispan/pull/10322

To execute a Server side task the expectation is that EXEC permission is needed and nothing else (if there is no special permission needed inside the task code).

But the invocation fails with "lacks ADMIN permission" without reaching the task code

ERROR (non-blocking-thread--p2-t11) [org.infinispan.server.hotrod.BaseRequestProcessor:org.infinispan.server.hotrod.BaseRequestProcessor.writeException(BaseRequestProcessor.java:85)] ISPN005003: Exception reported java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'Subject with principal(s): [wfink, RolePrincipal{name='task'}, InetAddressPrincipal [address=127.0.0.1/127.0.0.1]]' lacks 'ADMIN' permission
at org.infinispan.security.impl.Authorizer.checkPermission(Authorizer.java:113)
at org.infinispan.security.impl.Authorizer.checkPermission(Authorizer.java:84)
at org.infinispan.security.impl.AuthorizationManagerImpl.checkPermission(AuthorizationManagerImpl.java:53)
at org.infinispan.security.impl.SecureCacheImpl.getAuthorizationManager(SecureCacheImpl.java:564)
at org.infinispan.server.tasks.ServerTaskEngine.checkPermissions(ServerTaskEngine.java:95)
at org.infinispan.server.tasks.ServerTaskEngine.runTask(ServerTaskEngine.java:64)
at org.infinispan.server.tasks.ServerTaskEngine.runTask(ServerTaskEngine.java:27)
at org.infinispan.tasks.impl.TaskManagerImpl.lambda$runTask$4(TaskManagerImpl.java:111)
at java.base/java.util.concurrent.CompletableFuture.uniComposeStage(CompletableFuture.java:1106)
at java.base/java.util.concurrent.CompletableFuture.thenCompose(CompletableFuture.java:2235)
at java.base/java.util.concurrent.CompletableFuture.thenCompose(CompletableFuture.java:143)
at org.infinispan.tasks.impl.TaskManagerImpl.runTask(TaskManagerImpl.java:94)
at org.infinispan.server.hotrod.TaskRequestProcessor.exec(TaskRequestProcessor.java:38)
at org.infinispan.server.hotrod.HotRodDecoder.switch3(HotRodDecoder.java:1872)
at org.infinispan.server.hotrod.HotRodDecoder.switch1_0(HotRodDecoder.java:164)
at org.infinispan.server.hotrod.HotRodDecoder.decode(HotRodDecoder.java:151)
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:519)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:458)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:280)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
at io.netty.channel.ChannelInboundHandlerAdapter.channelRead(ChannelInboundHandlerAdapter.java:93)
at org.infinispan.server.core.transport.StatsChannelHandler.channelRead(StatsChannelHandler.java:28)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:800)
at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:499)
at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:397)
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at java.base/java.lang.Thread.run(Thread.java:829)

relates to

ISPN-14144 Task execution (permission) is different for ALL_NODES and ONE_NODE

Closed

Details

Description

Attachments

Issue Links

Activity

People

Dates