Uploaded image for project: 'Infinispan'
  1. Infinispan
  2. ISPN-14143

Task execution needs ADMIN permission additional to EXEC

This issue belongs to an archived project. You can view it, but you can't modify it. Learn more

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 13.0.12.Final, 14.0.1.Final
    • 13.0.10.Final
    • Tasks
    • None

      To execute a Server side task the expectation is that EXEC permission is needed and nothing else (if there is no special permission needed inside the task code).

      But the invocation fails with "lacks ADMIN permission" without reaching the task code

       

      ERROR (non-blocking-thread--p2-t11) [org.infinispan.server.hotrod.BaseRequestProcessor:org.infinispan.server.hotrod.BaseRequestProcessor.writeException(BaseRequestProcessor.java:85)] ISPN005003: Exception reported java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'Subject with principal(s): [wfink, RolePrincipal{name='task'}, InetAddressPrincipal [address=127.0.0.1/127.0.0.1]]' lacks 'ADMIN' permission
          at org.infinispan.security.impl.Authorizer.checkPermission(Authorizer.java:113)
          at org.infinispan.security.impl.Authorizer.checkPermission(Authorizer.java:84)
          at org.infinispan.security.impl.AuthorizationManagerImpl.checkPermission(AuthorizationManagerImpl.java:53)
          at org.infinispan.security.impl.SecureCacheImpl.getAuthorizationManager(SecureCacheImpl.java:564)
          at org.infinispan.server.tasks.ServerTaskEngine.checkPermissions(ServerTaskEngine.java:95)
          at org.infinispan.server.tasks.ServerTaskEngine.runTask(ServerTaskEngine.java:64)
          at org.infinispan.server.tasks.ServerTaskEngine.runTask(ServerTaskEngine.java:27)
          at org.infinispan.tasks.impl.TaskManagerImpl.lambda$runTask$4(TaskManagerImpl.java:111)
          at java.base/java.util.concurrent.CompletableFuture.uniComposeStage(CompletableFuture.java:1106)
          at java.base/java.util.concurrent.CompletableFuture.thenCompose(CompletableFuture.java:2235)
          at java.base/java.util.concurrent.CompletableFuture.thenCompose(CompletableFuture.java:143)
          at org.infinispan.tasks.impl.TaskManagerImpl.runTask(TaskManagerImpl.java:94)
          at org.infinispan.server.hotrod.TaskRequestProcessor.exec(TaskRequestProcessor.java:38)
          at org.infinispan.server.hotrod.HotRodDecoder.switch3(HotRodDecoder.java:1872)
          at org.infinispan.server.hotrod.HotRodDecoder.switch1_0(HotRodDecoder.java:164)
          at org.infinispan.server.hotrod.HotRodDecoder.decode(HotRodDecoder.java:151)
          at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:519)
          at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:458)
          at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:280)
          at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
          at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
          at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
          at io.netty.channel.ChannelInboundHandlerAdapter.channelRead(ChannelInboundHandlerAdapter.java:93)
          at org.infinispan.server.core.transport.StatsChannelHandler.channelRead(StatsChannelHandler.java:28)
          at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
          at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
          at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
          at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
          at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
          at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
          at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
          at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:800)
          at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:499)
          at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:397)
          at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
          at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
          at java.base/java.lang.Thread.run(Thread.java:829)

              ttarrant@redhat.com Tristan Tarrant
              rhn-support-wfink Wolf Fink
              Archiver:
              rhn-support-adongare Amol Dongare

                Created:
                Updated:
                Resolved:
                Archived: