  1. Infinispan
  2. ISPN-13166

Secured caches and Spring-Boot fail

Details

    • Bug
    • Resolution: Done
    • Major
    • 13.0.0.Final
    • 13.0.0.Dev02, 12.1.6.Final
    • Core, Listeners, Security
    • None

    Description

      ClientListenerRegistry should use org.infinispan.server.hotrod.SecurityActions to remove the listener

      There's no user when the channel closes, and nobody to notify that the listener can't be removed.

       

      This bug has been found by creating a cache whose role is not admin, and enabling actuator metrics in Spring-Boot (check the Spring-Boot simple tutorial)

       

      An exception was thrown by org.infinispan.server.hotrod.ClientListenerRegistry$BaseClientEventSender$$Lambda$1192/0x000000084030ac40.operationComplete()
      java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'Subject with principal(s): [admin, RolePrincipal{name='admin'}, InetAddressPrincipal [address=172.17.0.1/172.17.0.1]]' lacks 'LISTEN' permission
      at org.infinispan.security.impl.Authorizer.checkPermission(Authorizer.java:112)
      at org.infinispan.security.impl.Authorizer.checkPermission(Authorizer.java:83)
      at org.infinispan.security.impl.AuthorizationManagerImpl.checkPermission(AuthorizationManagerImpl.java:53)
      at org.infinispan.security.impl.SecureCacheImpl.removeListenerAsync(SecureCacheImpl.java:151)
      at org.infinispan.server.hotrod.ClientListenerRegistry$BaseClientEventSender.lambda$init$1(ClientListenerRegistry.java:336)
      at io.netty.util.concurrent.DefaultPromise.notifyListener0(DefaultPromise.java:578)
      at io.netty.util.concurrent.DefaultPromise.notifyListeners0(DefaultPromise.java:571)
      at io.netty.util.concurrent.DefaultPromise.notifyListenersNow(DefaultPromise.java:550)
      at io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:491)
      at io.netty.util.concurrent.DefaultPromise.setValue0(DefaultPromise.java:616)
      at io.netty.util.concurrent.DefaultPromise.setSuccess0(DefaultPromise.java:605)
      at io.netty.util.concurrent.DefaultPromise.trySuccess(DefaultPromise.java:104)
      at io.netty.channel.DefaultChannelPromise.trySuccess(DefaultChannelPromise.java:84)
      at io.netty.channel.AbstractChannel$CloseFuture.setClosed(AbstractChannel.java:1186)
      at io.netty.channel.AbstractChannel$AbstractUnsafe.doClose0(AbstractChannel.java:773)
      at io.netty.channel.AbstractChannel$AbstractUnsafe.close(AbstractChannel.java:749)
      at io.netty.channel.AbstractChannel$AbstractUnsafe.close(AbstractChannel.java:620)
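
The failure mode in the trace above, reduced to a toy model (an added example, not Infinispan code and not part of the original report): a channel-close callback that removes a listener through a permission-checked cache view is rejected, and the registration stays behind. All class and method names are hypothetical, and the listener is assumed to be registered already.

```java
import java.util.EnumSet;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Toy model; every class and method name here is hypothetical, not Infinispan API.
public class ListenerCleanupDemo {
    enum Permission { READ, WRITE, LISTEN }

    // Unsecured cache: the only state that matters here is the set of registered listeners.
    static class Cache {
        final Set<String> listeners = ConcurrentHashMap.newKeySet();
        void removeListener(String id) { listeners.remove(id); }
    }

    // Secured view: each call is authorized against the permissions of the connection's subject.
    static class SecuredCache {
        private final Cache delegate;
        private final Set<Permission> granted;
        SecuredCache(Cache delegate, Set<Permission> granted) {
            this.delegate = delegate;
            this.granted = granted;
        }
        void removeListener(String id) {
            if (!granted.contains(Permission.LISTEN)) {
                throw new SecurityException("subject lacks 'LISTEN' permission");
            }
            delegate.removeListener(id);
        }
    }

    // Runs a close callback the way an event loop would: the exception has no caller to reach.
    static boolean runOnClose(Runnable cleanup) {
        try { cleanup.run(); return true; }
        catch (SecurityException e) { System.out.println("close callback failed: " + e.getMessage()); return false; }
    }

    public static void main(String[] args) {
        Cache cache = new Cache();
        cache.listeners.add("listener-1"); // constructed sample: registration already in place
        SecuredCache view = new SecuredCache(cache, EnumSet.of(Permission.READ, Permission.WRITE));

        // Before: cleanup goes through the secured view and is rejected, so the listener leaks.
        runOnClose(() -> view.removeListener("listener-1"));
        System.out.println("after checked cleanup: " + cache.listeners);

        // After: server-initiated cleanup uses an internal path that skips the subject check.
        runOnClose(() -> cache.removeListener("listener-1"));
        System.out.println("after internal cleanup: " + cache.listeners);
    }
}
```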

          People

            dberinde@redhat.com Dan Berindei (Inactive)
            karestig@redhat.com Katia Aresti