Uploaded image for project: 'Infinispan'
  1. Infinispan
  2. ISPN-12088

Property realm groups file format is wrong

    XMLWordPrintable

Details

    • Hide

      Define security constraints for a cache, for example require READ permission and configure a role "reader" containing that permission.

      Define a Properties Realm using a groups.properties file that contains a mapping

      user1=reader

      Try to read a value from the cache and see how it fails with an error indicating that the subject lacks permission READ.

      Then change the groups.properties file to contain

      reader=user1

      and see how reading from the cache succeeds.

      Show
      Define security constraints for a cache, for example require READ permission and configure a role "reader" containing that permission. Define a Properties Realm using a groups.properties file that contains a mapping user1=reader Try to read a value from the cache and see how it fails with an error indicating that the subject lacks permission READ. Then change the groups.properties file to contain reader=user1 and see how reading from the cache succeeds.

    Description

      The description of the format of the groups.properties file used for the Property Realm at

      https://infinispan.org/docs/stable/titles/server/server.html#server_realms

      seems to be wrong. It maps role names to lists of user IDs. However, using that format, I have not been able to access a cache that required WRITE permission. After changing the file to contain mappings of user IDs to lists of role names, everything worked as expected. The example group.properties file in the server image also describes the format as user=group1,group2.

      Attachments

        Activity

          People

            ttarrant@redhat.com Tristan Tarrant
            sophokles73 Kai Hudalla (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: