Infinispan ISPN-12088: Property realm groups file format is wrong


      Define security constraints for a cache, for example require READ permission and configure a role "reader" containing that permission.

      Define a Properties Realm using a groups.properties file that contains a mapping

      user1=reader

      Try to read a value from the cache and see how it fails with an error indicating that the subject lacks permission READ.

      Then change the groups.properties file to contain

      reader=user1

      and see how reading from the cache succeeds.


      The description of the format of the groups.properties file used for the Property Realm at https://infinispan.org/docs/stable/titles/server/server.html#server_realms seems to be wrong. It maps role names to lists of user IDs. However, using that format, I have not been able to access a cache that required WRITE permission. After changing the file to contain mappings of user IDs to lists of role names, everything worked as expected. The example group.properties file in the server image also describes the format as user=group1,group2.

              ttarrant@redhat.com Tristan Tarrant
              sophokles73 Kai Hudalla (Inactive)
              Archiver:
              rhn-support-adongare Amol Dongare
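
The key/value mix-up this report describes can be caught with a lint step before a realm file is deployed. The check below is an added example, not part of the original issue or of the Infinispan code base; it assumes the user=group1,group2 layout that the report says the server image's sample file describes, and the function names, file contents and role set are constructed for illustration.

```python
# Added example: lint a groups.properties file for the inverted key/value layout.
# Assumption: the expected layout is user=group1,group2; only plain key=value lines are handled.

def parse_properties(text):
    """Parse key=value lines into {key: [values]}, skipping blanks and # / ! comments."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            entries[key.strip()] = [v.strip() for v in value.split(",") if v.strip()]
    return entries

def lint_groups(users_text, groups_text, roles):
    """Return (groups per user, findings) for a users/groups properties pair."""
    users = set(parse_properties(users_text))
    groups = parse_properties(groups_text)
    effective, findings = {u: set() for u in users}, []
    for key, values in groups.items():
        if key in users:
            effective[key].update(values)
            unknown = [v for v in values if v not in roles]
            if unknown:
                findings.append(f"{key}: groups {unknown} match no configured role")
        elif key in roles and any(v in users for v in values):
            findings.append(f"{key}: looks inverted (role=user list), expected user=group list")
        else:
            findings.append(f"{key}: key is not a user in users.properties")
    for user in sorted(users):
        if not effective[user] & roles:
            findings.append(f"{user}: ends up with no configured role")
    return effective, findings

# Constructed sample input (not taken from a real deployment).
USERS = "user1=changeme\nuser2=changeme\n"
ROLES = {"reader"}
INVERTED = "reader=user1,user2\n"
EXPECTED = "user1=reader\nuser2=reader\n"

if __name__ == "__main__":
    for name, text in (("inverted", INVERTED), ("expected", EXPECTED)):
        effective, findings = lint_groups(USERS, text, ROLES)
        print(name, {u: sorted(g) for u, g in sorted(effective.items())}, findings)
```

With the inverted file every user ends up without a role, so access fails closed with the missing-permission error rather than granting anything unintended.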
