  1. Infinispan
  2. ISPN-9543

Unable to login in management console after securing cache container

    Details

    • Steps to Reproduce:
      • Make the changes below in standalone.xml:
        ~~~
        <authorization map-groups-to-roles="true"> <!-- Keep this value as true -->
        .
        .
        <cache-container name="local" default-cache="default" statistics="true">
          <security>
            <authorization>
              <identity-role-mapper />
              <role name="admin" permissions="ALL"/>
            </authorization>
          </security>
        ~~~
      • Add a management user named "arnav" and assign the role "admin"; the changes will be reflected in mgmt-groups.properties.
      • Start the server using ./standalone.sh
      • Log in to the management console at localhost:9990
      • Give the user name as "arnav" and the defined password.
        The management console will continuously log errors on the console as well as in the server logs.

      Description

      I configured cache container security in the standalone.xml file:
      ~~~
      <cache-container name="local" default-cache="default" statistics="true">
        <security>
          <authorization>
            <identity-role-mapper />
            <role name="admin" permissions="ALL"/>
          </authorization>
        </security>
      ~~~

      I created a management user "Saurabh" and assigned the role "admin" to him. PFA the attached mgmt-groups.properties.

      Below is the exception snippet:
      ~~~
      2018-09-18 22:57:57,118 ERROR [org.jboss.as.controller.management-operation] (External Management Request Threads – 4) WFLYCTL0013: Operation ("read-attribute") failed - address: ([
      ("subsystem" => "datagrid-infinispan"),
      ("cache-container" => "local")
      ]): java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'Subject with principal(s): [org.jboss.as.core.security.SimplePrincipal@6f98bb1c, saurabh@ManagementRealm, admin@ManagementRealm, admin, InetAddressPrincipal <127.0.0.1/127.0.0.1>]' lacks 'ADMIN' permission
      at org.infinispan.security.impl.AuthorizationHelper.checkPermission(AuthorizationHelper.java:87)
      ~~~
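
A triage check for the denial above, added here as an example and not code from the Infinispan project or from the reporter: it parses the ISPN000287 message, reads the roles declared in the cache-container block, and reports whether a declared role matches one of the subject's principals and should have granted the missing permission. The inputs are constructed from the snippets in this report; the function names are hypothetical, and the code assumes that identity-role-mapper uses a principal name as the role name unchanged and that ALL covers ADMIN.

```python
import re
import xml.etree.ElementTree as ET

# Constructed inputs modelled on the configuration and log line in this report.
CONFIG = """
<cache-container name="local" default-cache="default" statistics="true">
  <security>
    <authorization>
      <identity-role-mapper/>
      <role name="admin" permissions="ALL"/>
    </authorization>
  </security>
</cache-container>
"""
LOG = ("java.lang.SecurityException: ISPN000287: Unauthorized access: subject "
       "'Subject with principal(s): [org.jboss.as.core.security.SimplePrincipal@6f98bb1c, "
       "saurabh@ManagementRealm, admin@ManagementRealm, admin, "
       "InetAddressPrincipal <127.0.0.1/127.0.0.1>]' lacks 'ADMIN' permission")

DENIAL = re.compile(r"ISPN000287: Unauthorized access: subject "
                    r"'Subject with principal\(s\): \[(?P<principals>.*)\]' "
                    r"lacks '(?P<perm>\w+)' permission")

def declared_roles(config_xml):
    """Map role name -> set of permissions from a cache-container element."""
    root = ET.fromstring(config_xml)
    return {r.get("name"): set(r.get("permissions", "").split())
            for r in root.iter("role")}

def triage(log_line, config_xml):
    """Return (missing permission, principals, roles that should have granted it)."""
    m = DENIAL.search(log_line)
    if m is None:
        return None
    principals = [p.strip() for p in m.group("principals").split(",")]
    perm = m.group("perm")
    # Assumption: with identity-role-mapper a principal name is used as the
    # role name unchanged, and the ALL permission covers every permission.
    granting = sorted(name for name, perms in declared_roles(config_xml).items()
                      if name in principals and (perm in perms or "ALL" in perms))
    return perm, principals, granting

if __name__ == "__main__":
    perm, principals, granting = triage(LOG, CONFIG)
    if granting:
        print(f"unexpected denial of {perm}: roles {granting} match a principal and grant it")
    else:
        print(f"denial of {perm} is consistent with the declared roles")
```

An empty list of granting roles means the denial agrees with the declared roles; a non-empty list is the mismatch this report describes.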

                People

                • Assignee:
                  NadirX Tristan Tarrant
                  Reporter:
                  NadirX Tristan Tarrant