[ISPN-12765] REST API does not correctly handle authz for ADMIN in XSite, Query and Backups

This issue belongs to an archived project. You can view it, but you can't modify it. Learn more

Type: Bug
Resolution: Done
Priority: Blocker
Fix Version/s: 12.1.0.Final
Affects Version/s: 12.0.1.Final
Component/s: REST
Labels:
None

Release Note Text:
Undefined
Git Pull Request:
https://github.com/infinispan/infinispan/pull/9075

When the REST api performs operations on XSite, Query and Backups that can be only done for ADMIN users, admin user subject is not correctly handled and is detected as null, so REST endpoints respond with Subject null lacks ADMIN permission.

Some uses like xsiteAdmin.checkSite(site) can't be used from the REST api without a wrapper that will check the subject in the request

blocks

ISPN-11596 Role based access in the Infinispan Console

Closed

relates to

ISPN-12764 Error executing the Indexer when security is enabled

Closed

Katia Aresti added a comment - 2021/02/19 7:02 PM

Reproduced provided in the PR

Katia Aresti added a comment - 2021/02/19 7:02 PM Reproduced provided in the PR

Assignee:: Tristan Tarrant

Reporter:: Katia Aresti

Archiver:: Amol Dongare

Created:: 2021/02/19 6:16 PM

Updated:: 2024/07/15 7:45 AM

Resolved:: 2021/03/15 6:59 AM

Archived:: 2024/11/28 6:21 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

Collapse comment: Katia Aresti added a comment - 2021/02/19 7:02 PM

Expand comment: Katia Aresti added a comment - 2021/02/19 7:02 PM

People

Dates

PagerDuty