Infinispan / ISPN-13166

Secured caches and Spring-Boot fail

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 13.0.0.Dev02, 12.1.6.Final
    • Fix Version/s: None
    • Component/s: Core, Listeners, Security
    • Labels:
      None

      Description

      ClientListenerRegistry should use org.infinispan.server.hotrod.SecurityActions to remove the listener.

      There's no user when the channel closes, and nobody to notify that the listener can't be removed.

       

      This bug has been found by creating a cache whose role is not admin, and enabling actuator metrics in Spring-Boot (check the Spring-Boot simple tutorial).

       

      An exception was thrown by org.infinispan.server.hotrod.ClientListenerRegistry$BaseClientEventSender$$Lambda$1192/0x000000084030ac40.operationComplete()
      java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'Subject with principal(s): [admin, RolePrincipal{name='admin'}, InetAddressPrincipal [address=172.17.0.1/172.17.0.1]]' lacks 'LISTEN' permission
      at org.infinispan.security.impl.Authorizer.checkPermission(Authorizer.java:112)
      at org.infinispan.security.impl.Authorizer.checkPermission(Authorizer.java:83)
      at org.infinispan.security.impl.AuthorizationManagerImpl.checkPermission(AuthorizationManagerImpl.java:53)
      at org.infinispan.security.impl.SecureCacheImpl.removeListenerAsync(SecureCacheImpl.java:151)
      at org.infinispan.server.hotrod.ClientListenerRegistry$BaseClientEventSender.lambda$init$1(ClientListenerRegistry.java:336)
      at io.netty.util.concurrent.DefaultPromise.notifyListener0(DefaultPromise.java:578)
      at io.netty.util.concurrent.DefaultPromise.notifyListeners0(DefaultPromise.java:571)
      at io.netty.util.concurrent.DefaultPromise.notifyListenersNow(DefaultPromise.java:550)
      at io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:491)
      at io.netty.util.concurrent.DefaultPromise.setValue0(DefaultPromise.java:616)
      at io.netty.util.concurrent.DefaultPromise.setSuccess0(DefaultPromise.java:605)
      at io.netty.util.concurrent.DefaultPromise.trySuccess(DefaultPromise.java:104)
      at io.netty.channel.DefaultChannelPromise.trySuccess(DefaultChannelPromise.java:84)
      at io.netty.channel.AbstractChannel$CloseFuture.setClosed(AbstractChannel.java:1186)
      at io.netty.channel.AbstractChannel$AbstractUnsafe.doClose0(AbstractChannel.java:773)
      at io.netty.channel.AbstractChannel$AbstractUnsafe.close(AbstractChannel.java:749)
      at io.netty.channel.AbstractChannel$AbstractUnsafe.close(AbstractChannel.java:620)

            People

            Assignee: Dan Berindei (dan.berindei)
            Reporter: Katia Aresti (karesti)