Uploaded image for project: 'Infinispan'
  1. Infinispan
  2. ISPN-6210

"* lacks 'READ' permission" while executing scripts over TaskManager with authentication enabled

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Blocker
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 8.2.0.CR1
    • Component/s: Tasks
    • Labels:
      None

      Description

      When creating an authentication enabled cacheManager/cache and trying to execute a script on it (no matter whether the "role" meta-tag is specified or no), the test throws the following exception:

      java.security.PrivilegedActionException: java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'Subject with principal(s): [TestPrincipal [name=pheidippides]]' lacks 'READ' permission
      	at org.infinispan.security.Security.doAs(Security.java:145)
      	at org.infinispan.scripting.SecureScriptingTaskManagerTest.testTask(SecureScriptingTaskManagerTest.java:111)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:497)
      	at org.testng.internal.MethodInvocationHelper.invokeMethod(MethodInvocationHelper.java:84)
      	at org.testng.internal.Invoker.invokeMethod(Invoker.java:714)
      	at org.testng.internal.Invoker.invokeTestMethod(Invoker.java:901)
      	at org.testng.internal.Invoker.invokeTestMethods(Invoker.java:1231)
      	at org.testng.internal.TestMethodWorker.invokeTestMethods(TestMethodWorker.java:127)
      	at org.testng.internal.TestMethodWorker.run(TestMethodWorker.java:111)
      	at org.testng.TestRunner.privateRun(TestRunner.java:767)
      	at org.testng.TestRunner.run(TestRunner.java:617)
      	at org.testng.SuiteRunner.runTest(SuiteRunner.java:348)
      	at org.testng.SuiteRunner.runSequentially(SuiteRunner.java:343)
      	at org.testng.SuiteRunner.privateRun(SuiteRunner.java:305)
      	at org.testng.SuiteRunner.run(SuiteRunner.java:254)
      	at org.testng.SuiteRunnerWorker.runSuite(SuiteRunnerWorker.java:52)
      	at org.testng.SuiteRunnerWorker.run(SuiteRunnerWorker.java:86)
      	at org.testng.TestNG.runSuitesSequentially(TestNG.java:1224)
      	at org.testng.TestNG.runSuitesLocally(TestNG.java:1149)
      	at org.testng.TestNG.run(TestNG.java:1057)
      	at org.testng.IDEARemoteTestNG.run(IDEARemoteTestNG.java:72)
      	at org.testng.RemoteTestNGStarter.main(RemoteTestNGStarter.java:122)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:497)
      	at com.intellij.rt.execution.application.AppMain.main(AppMain.java:144)
      Caused by: java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'Subject with principal(s): [TestPrincipal [name=pheidippides]]' lacks 'READ' permission
      	at org.infinispan.security.impl.AuthorizationHelper.checkPermission(AuthorizationHelper.java:86)
      	at org.infinispan.security.impl.AuthorizationManagerImpl.checkPermission(AuthorizationManagerImpl.java:37)
      	at org.infinispan.security.impl.SecureCacheImpl.containsKey(SecureCacheImpl.java:364)
      	at org.infinispan.scripting.impl.ScriptingManagerImpl.containsScript(ScriptingManagerImpl.java:137)
      	at org.infinispan.scripting.impl.ScriptingTaskEngine.handles(ScriptingTaskEngine.java:48)
      	at org.infinispan.tasks.impl.TaskManagerImpl.runTask(TaskManagerImpl.java:74)
      	at org.infinispan.scripting.SecureScriptingTaskManagerTest$4.run(SecureScriptingTaskManagerTest.java:115)
      	at org.infinispan.scripting.SecureScriptingTaskManagerTest$4.run(SecureScriptingTaskManagerTest.java:111)
      	at org.infinispan.security.Security.doAs(Security.java:143)
      	... 29 more
      

      You can find the test here:
      https://github.com/andyuk1986/infinispan/blob/4755853001f1f2dd52ca8dfb7870cb9c878ece8a/scripting/src/test/java/org/infinispan/scripting/SecureScriptingTaskManagerTest.java

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  NadirX Tristan Tarrant
                  Reporter:
                  amanukyan Anna Manukyan
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  1 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: