Uploaded image for project: 'Infinispan'
  1. Infinispan
  2. ISPN-13166

Secured caches and Spring-Boot fail

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 13.0.0.Final
    • 13.0.0.Dev02, 12.1.6.Final
    • Core, Listeners, Security
    • None

      ClientListenerRegistry should use org.infinispan.server.hotrod.SecurityActions to remove the listener

      There's no user when the channel closes, and nobody to notify that the listener can't be removed.

       

      This bug has been found by creating a cache whose role is not admin, and enabling actuator metrics in Spring-Boot (check the Spring-Boot simple tutorial)

       

      An exception was thrown by org.infinispan.server.hotrod.ClientListenerRegistry$BaseClientEventSender$$Lambda$1192/0x000000084030ac40.operationComplete() java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'Subject with principal(s): [admin, RolePrincipal{name='admin'}, InetAddressPrincipal [address=172.17.0.1/172.17.0.1]]' lacks 'LISTEN' permission
      at org.infinispan.security.impl.Authorizer.checkPermission(Authorizer.java:112)
      at org.infinispan.security.impl.Authorizer.checkPermission(Authorizer.java:83)
      at org.infinispan.security.impl.AuthorizationManagerImpl.checkPermission(AuthorizationManagerImpl.java:53)
      at org.infinispan.security.impl.SecureCacheImpl.removeListenerAsync(SecureCacheImpl.java:151)
      at org.infinispan.server.hotrod.ClientListenerRegistry$BaseClientEventSender.lambda$init$1(ClientListenerRegistry.java:336)
      at io.netty.util.concurrent.DefaultPromise.notifyListener0(DefaultPromise.java:578)
      at io.netty.util.concurrent.DefaultPromise.notifyListeners0(DefaultPromise.java:571)
      at io.netty.util.concurrent.DefaultPromise.notifyListenersNow(DefaultPromise.java:550)
      at io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:491)
      at io.netty.util.concurrent.DefaultPromise.setValue0(DefaultPromise.java:616)
      at io.netty.util.concurrent.DefaultPromise.setSuccess0(DefaultPromise.java:605)
      at io.netty.util.concurrent.DefaultPromise.trySuccess(DefaultPromise.java:104)
      at io.netty.channel.DefaultChannelPromise.trySuccess(DefaultChannelPromise.java:84)
      at io.netty.channel.AbstractChannel$CloseFuture.setClosed(AbstractChannel.java:1186)
      at io.netty.channel.AbstractChannel$AbstractUnsafe.doClose0(AbstractChannel.java:773)
      at io.netty.channel.AbstractChannel$AbstractUnsafe.close(AbstractChannel.java:749)
      at io.netty.channel.AbstractChannel$AbstractUnsafe.close(AbstractChannel.java:620)

            dberinde@redhat.com Dan Berindei (Inactive)
            karestig@redhat.com Katia Aresti
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: