- Bug
- Resolution: Unresolved
- Major
When a Redis cache is configured with authorization, a user with valid credentials who does not have a role permitted to access the cache gets the same message as with incorrect credentials when attempting to log in to or use the cache.
The error message for such a user should use the NOPERM format, as in the Redis ACL system, so as not to confuse users.
Cache config:
<distributed-cache name="respCache" aliases="0" owners="2" mode="ASYNC" statistics="true"
                   key-partitioner="org.infinispan.distribution.ch.impl.RESPHashFunctionPartitioner">
  <encoding media-type="application/octet-stream"/>
  <security>
    <authorization roles="admin"/>
  </security>
</distributed-cache>
Reproducer:
$ ${ISPN_HOME}/bin/cli.sh user create admin -p admin -g admin
$ ${ISPN_HOME}/bin/cli.sh user create observer -p observer -g observer
$ ${ISPN_HOME}/bin/server.sh &
$ redis-cli -p 11222 --user observer --pass observer
Warning: Using a password with '-a' or '-u' option on the command line interface may not be safe.
AUTH failed: WRONGPASS invalid username-password pair or user is disabled.
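
A small model of the reply behaviour this report asks for, as an added example and not Infinispan code: credentials are verified first, and NOPERM is returned only after they are valid, so an unauthenticated client still sees one indistinguishable WRONGPASS reply. The function names, the in-memory user store and the NOPERM message wording are assumptions; the users, role and cache name come from the reproducer.

```python
import hashlib
import hmac
from typing import Optional, Set

# WRONGPASS text as shown in the reproducer output.
WRONGPASS = "WRONGPASS invalid username-password pair or user is disabled."

def _kdf(password: str) -> bytes:
    # Stand-in password hash for the model (constructed salt, low iteration count).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 10_000)

# Constructed user store mirroring the reproducer: user -> (password hash, groups).
USERS = {
    "admin": (_kdf("admin"), {"admin"}),
    "observer": (_kdf("observer"), {"observer"}),
}
# Roles allowed on each cache, from <authorization roles="admin"/>.
CACHE_ROLES = {"respCache": {"admin"}}
_DUMMY_HASH = _kdf("")  # compared against when the user does not exist

def authenticate(user: str, password: str) -> Optional[Set[str]]:
    """Return the user's groups if the credentials are valid, else None."""
    entry = USERS.get(user)
    expected = entry[0] if entry else _DUMMY_HASH
    # Always hash and compare, so unknown users take the same code path.
    matches = hmac.compare_digest(_kdf(password), expected)
    return entry[1] if (entry is not None and matches) else None

def resp_auth_reply(cache: str, user: str, password: str) -> str:
    """Build the RESP reply for an AUTH attempt against an authorized cache."""
    groups = authenticate(user, password)
    if groups is None:
        # Unknown user and wrong password are deliberately indistinguishable.
        return "-" + WRONGPASS
    if not (groups & CACHE_ROLES[cache]):
        # Valid credentials, missing role: report an authorization failure.
        # The wording after NOPERM is constructed for this example.
        return f"-NOPERM user '{user}' has no role permitted on cache '{cache}'"
    return "+OK"

if __name__ == "__main__":
    for user, pw in [("admin", "admin"), ("observer", "observer"),
                     ("observer", "wrong"), ("nobody", "x")]:
        print(user, "->", resp_auth_reply("respCache", user, pw))
```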