Details
-
Bug
-
Resolution: Done
-
Major
-
13.0.10.Final
-
None
Description
To execute a Server side task the expectation is that EXEC permission is needed and nothing else (if there is no special permission needed inside the task code).
But the invocation fails with "lacks ADMIN permission" without reaching the task code
ERROR (non-blocking-thread--p2-t11) [org.infinispan.server.hotrod.BaseRequestProcessor:org.infinispan.server.hotrod.BaseRequestProcessor.writeException(BaseRequestProcessor.java:85)] ISPN005003: Exception reported java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'Subject with principal(s): [wfink, RolePrincipal{name='task'}, InetAddressPrincipal [address=127.0.0.1/127.0.0.1]]' lacks 'ADMIN' permission
at org.infinispan.security.impl.Authorizer.checkPermission(Authorizer.java:113)
at org.infinispan.security.impl.Authorizer.checkPermission(Authorizer.java:84)
at org.infinispan.security.impl.AuthorizationManagerImpl.checkPermission(AuthorizationManagerImpl.java:53)
at org.infinispan.security.impl.SecureCacheImpl.getAuthorizationManager(SecureCacheImpl.java:564)
at org.infinispan.server.tasks.ServerTaskEngine.checkPermissions(ServerTaskEngine.java:95)
at org.infinispan.server.tasks.ServerTaskEngine.runTask(ServerTaskEngine.java:64)
at org.infinispan.server.tasks.ServerTaskEngine.runTask(ServerTaskEngine.java:27)
at org.infinispan.tasks.impl.TaskManagerImpl.lambda$runTask$4(TaskManagerImpl.java:111)
at java.base/java.util.concurrent.CompletableFuture.uniComposeStage(CompletableFuture.java:1106)
at java.base/java.util.concurrent.CompletableFuture.thenCompose(CompletableFuture.java:2235)
at java.base/java.util.concurrent.CompletableFuture.thenCompose(CompletableFuture.java:143)
at org.infinispan.tasks.impl.TaskManagerImpl.runTask(TaskManagerImpl.java:94)
at org.infinispan.server.hotrod.TaskRequestProcessor.exec(TaskRequestProcessor.java:38)
at org.infinispan.server.hotrod.HotRodDecoder.switch3(HotRodDecoder.java:1872)
at org.infinispan.server.hotrod.HotRodDecoder.switch1_0(HotRodDecoder.java:164)
at org.infinispan.server.hotrod.HotRodDecoder.decode(HotRodDecoder.java:151)
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:519)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:458)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:280)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
at io.netty.channel.ChannelInboundHandlerAdapter.channelRead(ChannelInboundHandlerAdapter.java:93)
at org.infinispan.server.core.transport.StatsChannelHandler.channelRead(StatsChannelHandler.java:28)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:800)
at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:499)
at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:397)
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at java.base/java.lang.Thread.run(Thread.java:829)
Attachments
Issue Links
- relates to
-
ISPN-14144 Task execution (permission) is different for ALL_NODES and ONE_NODE
- Closed