Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 9.1.0.CR1
    • Fix Version/s: 9.1.0.Final
    • Component/s: Core, Server
    • Labels:
      None

      Description

      Configuration snippet:

      clustered.xml
      
      <security>
          <authorization>
              <identity-role-mapper />
              <role name="ADMIN" permissions="ALL ADMIN"/>
          </authorization>
      </security>
      <distributed-cache name="default" mode="SYNC"          >
          <security>
              <authorization enabled="true" roles="ADMIN"/>
          </security>
      </distributed-cache>
      
      application-roles.properties
      
      admin=REST,admin,ADMIN
      

      CLI call:

      /subsystem=datagrid-infinispan/cache-container=clustered/health=HEALTH:read-resource(include-runtime=true)
      

      Exception reported:

      08:12:26,128 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 2) WFLYCTL0013: Operation ("read-attribute") failed - address: ([
          ("subsystem" => "datagrid-infinispan"),
          ("cache-container" => "clustered"),
          ("health" => "HEALTH")
      ]): java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'Subject with principal(s): [$local@ManagementRealm, org.jboss.remoting3.security.UserPrincipal@439455c7, InetAddressPrincipal <127.0.0.1/127.0.0.1>, InetAddressPrincipal <127.0.0.1/127.0.0.1>]' lacks 'ADMIN' permission
      	at org.infinispan.security.impl.AuthorizationHelper.checkPermission(AuthorizationHelper.java:87)
      	at org.infinispan.security.impl.AuthorizationManagerImpl.checkPermission(AuthorizationManagerImpl.java:49)
      	at org.infinispan.security.impl.SecureCacheImpl.getDistributionManager(SecureCacheImpl.java:409)
      	at org.infinispan.health.impl.CacheHealthImpl.getStatus(CacheHealthImpl.java:28)
      	at org.infinispan.health.impl.ClusterHealthImpl.lambda$getHealthStatus$2(ClusterHealthImpl.java:26)
      	at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193)
      	at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193)
      	at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193)
      	at java.util.Iterator.forEachRemaining(Iterator.java:116)
      	at java.util.Spliterators$IteratorSpliterator.forEachRemaining(Spliterators.java:1801)
      	at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)
      	at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
      	at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708)
      	at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
      	at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:499)
      	at org.infinispan.health.impl.ClusterHealthImpl.getHealthStatus(ClusterHealthImpl.java:27)
      	at org.jboss.as.clustering.infinispan.subsystem.HealthMetricsHandler.executeRuntimeStep(HealthMetricsHandler.java:144)
      	at org.jboss.as.controller.AbstractRuntimeOnlyHandler$1.execute(AbstractRuntimeOnlyHandler.java:53)
      	at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:890)
      	at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:659)
      	at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:370)
      	at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1329)
      	at org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:400)
      	at org.jboss.as.controller.ModelControllerImpl.execute(ModelControllerImpl.java:222)
      	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.doExecute(ModelControllerClientOperationHandler.java:208)
      	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.access$300(ModelControllerClientOperationHandler.java:130)
      	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:152)
      	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:148)
      	at java.security.AccessController.doPrivileged(Native Method)
      	at javax.security.auth.Subject.doAs(Subject.java:422)
      	at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:149)
      	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1.execute(ModelControllerClientOperationHandler.java:148)
      	at org.jboss.as.protocol.mgmt.AbstractMessageHandler$ManagementRequestContextImpl$1.doExecute(AbstractMessageHandler.java:363)
      	at org.jboss.as.protocol.mgmt.AbstractMessageHandler$AsyncTaskRunner.run(AbstractMessageHandler.java:472)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      	at java.lang.Thread.run(Thread.java:748)
      	at org.jboss.threads.JBossThread.run(JBossThread.java:320)
      

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  sebastian.laskawiec Sebastian Laskawiec
                  Reporter:
                  sebastian.laskawiec Sebastian Laskawiec
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  1 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: