-
Bug
-
Resolution: Done
-
Major
-
JDG 7.0.0 GAbacklog
-
None
-
GA
-
Title: Indexing Protobuf Encoded Entities
Describe the issue:
Due to a new requirement in JDG 7.0, accessing the ___protobuf_metadata cache can only be
done loopback without security enabled. This exception is thrown.
"org.infinispan.client.hotrod.exceptions.HotRodClientException:Request for messageId=3 returned server error (status=0x84): org.infinispan.server.hotrod.RequestParsingException: Remote requests are allowed to protected caches only over loopback or if authorization is enabled. Do no send remote requests to cache '_protobuf_metadata'"
If accessing the cache using a remote address a permission error occurs due to lack of permissions.
"org.infinispan.client.hotrod.exceptions.HotRodClientException:Request for messageId=7 returned server error (status=0x85): java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'Subject with principal(s): [SimpleUserPrincipal [name=user1], InetAddressPrincipal [address=192.168.50.196/192.168.50.196], user1@ApplicationRealm, role1@ApplicationRealm, role1]' lacks 'WRITE' permission"
Even if the user has the ADMIN or ALL permission it still isn't sufficient to access the '___protobuf_metadata' cache.
Suggestions for improvement:
An additional permission role, "__schema_manager" is required of the user attempting to WRITE to the '__protobuf_metadata' cache. This needs to be documented.
It appears to only be available in the infinispan 9.0.x documentation, git doc and the git source.
Additional information:
- blocks
-
TEIID-4531 Unable to configure the JDG schema using marshallers
- Closed