Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: JDG 7.0.0 GAbacklog
Affects Version/s: JDG 7.0.0 GAbacklog
Component/s: Documentation
Labels:
None

Fix Build:
GA
Steps to Reproduce:

Hide

Attempt to register the schema with no security enabled, JDG on a remote address.
RemoteCache<String, String> metadataCache = cacheManager
.getCache(ProtobufMetadataManagerConstants.PROTOBUF_METADATA_CACHE_NAME);
metadataCache.put(PROTOBUF_DEFINITION_RESOURCE,
readResource(PROTOBUF_DEFINITION_RESOURCE));
String errors = metadataCache
.get(ProtobufMetadataManagerConstants.ERRORS_KEY_SUFFIX);
if (errors != null)
{ throw new IllegalStateException( "Some Protobuf schema files contain errors:\n" + errors); }
Loop back error is thrown.

Attempt to register schema with security enabled. Lack of 'WRITE' permission exception is thrown.

Attempt to register schema security enabled and proper role "___schema_manager" specified.
Successful registration.

Show
Attempt to register the schema with no security enabled, JDG on a remote address. RemoteCache<String, String> metadataCache = cacheManager .getCache(ProtobufMetadataManagerConstants.PROTOBUF_METADATA_CACHE_NAME); metadataCache.put(PROTOBUF_DEFINITION_RESOURCE, readResource(PROTOBUF_DEFINITION_RESOURCE)); String errors = metadataCache .get(ProtobufMetadataManagerConstants.ERRORS_KEY_SUFFIX); if (errors != null) { throw new IllegalStateException( "Some Protobuf schema files contain errors:\n" + errors); } Loop back error is thrown. Attempt to register schema with security enabled. Lack of 'WRITE' permission exception is thrown. Attempt to register schema security enabled and proper role "___schema_manager" specified. Successful registration.

SFDC Cases Counter:
SFDC Cases Links:

Description

Title: Indexing Protobuf Encoded Entities

Describe the issue:
Due to a new requirement in JDG 7.0, accessing the ___protobuf_metadata cache can only be
done loopback without security enabled. This exception is thrown.
"org.infinispan.client.hotrod.exceptions.HotRodClientException:Request for messageId=3 returned server error (status=0x84): org.infinispan.server.hotrod.RequestParsingException: Remote requests are allowed to protected caches only over loopback or if authorization is enabled. Do no send remote requests to cache '_protobuf_metadata'"

If accessing the cache using a remote address a permission error occurs due to lack of permissions.
"org.infinispan.client.hotrod.exceptions.HotRodClientException:Request for messageId=7 returned server error (status=0x85): java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'Subject with principal(s): [SimpleUserPrincipal [name=user1], InetAddressPrincipal [address=192.168.50.196/192.168.50.196], user1@ApplicationRealm, role1@ApplicationRealm, role1]' lacks 'WRITE' permission"

Even if the user has the ADMIN or ALL permission it still isn't sufficient to access the '___protobuf_metadata' cache.

Suggestions for improvement:
An additional permission role, "__schema_manager" is required of the user attempting to WRITE to the '__protobuf_metadata' cache. This needs to be documented.

It appears to only be available in the infinispan 9.0.x documentation, git doc and the git source.

Additional information:

Attachments

Issue Links

blocks

TEIID-4531 Unable to configure the JDG schema using marshallers

Closed

Activity

People

Assignee:: Christian Huffman

Reporter:: Kent Hua (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2016/08/03 1:27 PM

Updated:: 2023/02/16 10:16 AM

Resolved:: 2016/09/13 6:47 PM