Uploaded image for project: 'Infinispan'
  1. Infinispan
  2. ISPN-13166

Secured caches and Spring-Boot fail

This issue belongs to an archived project. You can view it, but you can't modify it. Learn more

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 13.0.0.Final
    • 12.1.6.Final, 13.0.0.Final
    • Core, Listeners, Security
    • None

      ClientListenerRegistry should use org.infinispan.server.hotrod.SecurityActions to remove the listener

      There's no user when the channel closes, and nobody to notify that the listener can't be removed.

       

      This bug has been found by creating a cache whose role is not admin, and enabling actuator metrics in Spring-Boot (check the Spring-Boot simple tutorial)

       

      An exception was thrown by org.infinispan.server.hotrod.ClientListenerRegistry$BaseClientEventSender$$Lambda$1192/0x000000084030ac40.operationComplete() java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'Subject with principal(s): [admin, RolePrincipal{name='admin'}, InetAddressPrincipal [address=172.17.0.1/172.17.0.1]]' lacks 'LISTEN' permission
      at org.infinispan.security.impl.Authorizer.checkPermission(Authorizer.java:112)
      at org.infinispan.security.impl.Authorizer.checkPermission(Authorizer.java:83)
      at org.infinispan.security.impl.AuthorizationManagerImpl.checkPermission(AuthorizationManagerImpl.java:53)
      at org.infinispan.security.impl.SecureCacheImpl.removeListenerAsync(SecureCacheImpl.java:151)
      at org.infinispan.server.hotrod.ClientListenerRegistry$BaseClientEventSender.lambda$init$1(ClientListenerRegistry.java:336)
      at io.netty.util.concurrent.DefaultPromise.notifyListener0(DefaultPromise.java:578)
      at io.netty.util.concurrent.DefaultPromise.notifyListeners0(DefaultPromise.java:571)
      at io.netty.util.concurrent.DefaultPromise.notifyListenersNow(DefaultPromise.java:550)
      at io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:491)
      at io.netty.util.concurrent.DefaultPromise.setValue0(DefaultPromise.java:616)
      at io.netty.util.concurrent.DefaultPromise.setSuccess0(DefaultPromise.java:605)
      at io.netty.util.concurrent.DefaultPromise.trySuccess(DefaultPromise.java:104)
      at io.netty.channel.DefaultChannelPromise.trySuccess(DefaultChannelPromise.java:84)
      at io.netty.channel.AbstractChannel$CloseFuture.setClosed(AbstractChannel.java:1186)
      at io.netty.channel.AbstractChannel$AbstractUnsafe.doClose0(AbstractChannel.java:773)
      at io.netty.channel.AbstractChannel$AbstractUnsafe.close(AbstractChannel.java:749)
      at io.netty.channel.AbstractChannel$AbstractUnsafe.close(AbstractChannel.java:620)

              dberinde@redhat.com Dan Berindei (Inactive)
              karestig@redhat.com Katia Aresti
              Archiver:
              rhn-support-adongare Amol Dongare

                Created:
                Updated:
                Resolved:
                Archived: