
不幸的是,我无法从缓存中检索键集(keySet),因为我收到以下错误:

ISPN000287:未经授权的访问:主题“null”缺少“ADMIN”权限

这很奇怪:在这个示例代码中,如果缓存不存在,我可以创建它(当然,创建缓存需要管理员权限),却无法检索该缓存的键集。

是我哪里做错了,还是这确实是一个 bug?

重现步骤:

  • 将附加的配置(infinispan.xml)放入:<SERVER_ROOT>/server/conf/infinispan.xml
<!--
  Infinispan 11.0 server configuration attached to the ISPN000287 report.
  It defines one cache container ("clustered") with container-wide authorization roles,
  two caches that enable authorization, and a server section with a properties-file
  security realm plus Hot Rod, Memcached and REST connectors.
-->
<infinispan xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xsi:schemaLocation="urn:infinispan:config:11.0 https://infinispan.org/schemas/infinispan-config-11.0.xsd
                            urn:infinispan:server:11.0 https://infinispan.org/schemas/infinispan-server-11.0.xsd"
            xmlns="urn:infinispan:config:11.0"
            xmlns:server="urn:infinispan:server:11.0">
    <cache-container default-cache="secured"
                     name="clustered"
                     statistics="true">
        <transport cluster="cbcluster"
                   stack="${infinispan.cluster.stack:tcp}"
                   node-name="${infinispan.node.name:}"/>
        <!-- Container-wide authorization: the role names below are what caches refer to.
             identity-role-mapper uses the authenticated principal names directly as role names.
             Both "admin" and "cacheadmin" are granted ALL, so either role has full access,
             including administrative operations. -->
        <security>
            <authorization>
                <identity-role-mapper/>
                <role name="admin"
                      permissions="ALL"/>
                <role name="reader"
                      permissions="READ"/>
                <role name="writer"
                      permissions="WRITE"/>
                <role name="supervisor"
                      permissions="READ WRITE EXEC"/>
                <role name="cacheadmin"
                      permissions="ALL"/>
            </authorization>
        </security>
        <!-- Default cache. Authorization is enabled without a roles attribute;
             NOTE(review): presumably every role declared on the container then applies. Confirm. -->
        <local-cache name="secured">
            <security>
                <authorization/>
            </security>
        </local-cache>
        <distributed-cache name="entrypoints"
                           mode="SYNC"
                           segments="20"
                           owners="2"
                           remote-timeout="30000">
            <encoding media-type="application/x-protostream"/>
            <locking isolation="READ_COMMITTED"
                     acquire-timeout="30000"
                     concurrency-level="1000"
                     striping="false"/>
            <!-- Only the "cacheadmin" role is listed for this cache. -->
            <security>
                <authorization roles="cacheadmin"/>
            </security>
            <transaction mode="NONE"/>
            <!-- lifespan is in milliseconds: 86400000 ms = 24 hours -->
            <expiration lifespan="86400000"/>
        </distributed-cache>
    </cache-container>
    <server xmlns="urn:infinispan:server:11.0">
        <interfaces>
            <!-- Binds to 127.0.0.1 unless the infinispan.bind.address property overrides it. -->
            <interface name="public">
                <inet-address value="${infinispan.bind.address:127.0.0.1}"/>
            </interface>
        </interfaces>
        <socket-bindings default-interface="public"
                         port-offset="${infinispan.socket.binding.port-offset:0}">
            <!-- Single-port endpoint (default 11222) plus a separate fixed port for Memcached. -->
            <socket-binding name="default"
                            port="${infinispan.bind.port:11222}"/>
            <socket-binding name="memcached"
                            port="11221"/>
        </socket-bindings>
        <security>
            <security-realms>
                <security-realm name="default">
                    <!-- TLS is left disabled here: the server identity below is commented out, so the
                         endpoints that use this realm are served without transport encryption.
                         The keystore and key passwords in the template are the literal "password"
                         and must be replaced before the block is enabled. -->
                    <!-- Uncomment to enable TLS on the realm -->
                    <!-- server-identities>
                  <ssl>
                     <keystore path="application.keystore" relative-to="infinispan.server.config.path"
                               keystore-password="password" alias="server" key-password="password"
                               generate-self-signed-certificate-host="localhost"/>
                  </ssl>
               </server-identities-->
                    <!-- File-based realm: users and groups are read from properties files in the server
                         config directory. plain-text="true" indicates users.properties holds the
                         passwords in clear text, so the file permissions are the only protection for
                         them at rest. NOTE(review): confirm the file is readable by the server account only. -->
                    <properties-realm groups-attribute="Roles">
                        <user-properties path="users.properties"
                                         relative-to="infinispan.server.config.path"
                                         plain-text="true"/>
                        <group-properties path="groups.properties"
                                          relative-to="infinispan.server.config.path"/>
                    </properties-realm>
                </security-realm>
            </security-realms>
        </security>
        <endpoints socket-binding="default"
                   security-realm="default">
            <hotrod-connector name="hotrod"
                              cache-container="clustered">
                <topology-state-transfer lock-timeout="1000"
                                         replication-timeout="5000"/>
                <!-- BEGIN: Hot Rod authentication.
                     Only DIGEST-SHA-256 is listed as a SASL mechanism, anonymous access is refused,
                     and qop="auth" requests authentication only (no SASL integrity or
                     confidentiality layer). -->
                <authentication security-realm="default">
                    <sasl server-name="datagridAuth"
                          mechanisms="DIGEST-SHA-256"
                          qop="auth">
                        <policy>
                            <no-anonymous value="true"/>
                        </policy>
                        <property name="com.sun.security.sasl.digest.utf8">true</property>
                    </sasl>
                </authentication>
                <!-- END: Hot Rod authentication -->
            </hotrod-connector>
            <!-- NOTE(review): no authentication element is configured for the Memcached connector
                 in this file, while the other two connectors declare one. Confirm whether this
                 connector should be enabled alongside authorization-protected caches. -->
            <memcached-connector socket-binding="memcached"
                                 cache-container="clustered"/>
            <!-- REST accepts HTTP DIGEST and DIGEST-SHA-256 authentication. -->
            <rest-connector name="rest"
                            cache-container="clustered">
                <authentication mechanisms="DIGEST DIGEST-SHA-256"/>
            </rest-connector>
        </endpoints>
    </server>
</infinispan>

  • 运行服务器( bin/server.sh )

  • 运行附带的 JAVA 程序

import java.io.IOException;
import java.util.Properties;
import java.util.Set;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.infinispan.client.hotrod.DefaultTemplate;
import org.infinispan.client.hotrod.RemoteCache;
import org.infinispan.client.hotrod.RemoteCacheManager;
import org.infinispan.client.hotrod.configuration.ClientIntelligence;
import org.infinispan.client.hotrod.configuration.ConfigurationBuilder;
import org.infinispan.client.hotrod.impl.ConfigurationProperties;
import org.infinispan.commons.api.CacheContainerAdmin;

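/**
 * Minimal Hot Rod client used to reproduce the ISPN000287 authorization error.
 *
 * <p>It authenticates against a local server, creates a volatile {@code test} cache if needed,
 * writes and reads two entries, then iterates the cache's key set. In the report on this page
 * the put/get calls succeed and the {@code keySet()} iteration fails with
 * "subject 'null' lacks 'ADMIN' permission".
 */
public class InfinispanSample {

    /**
     * Runs the reproduction against a Hot Rod server on 127.0.0.1.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Create a configuration for a locally-running server
        ConfigurationBuilder builder = new ConfigurationBuilder();
        builder.addServer().host("127.0.0.1").port(ConfigurationProperties.DEFAULT_HOTROD_PORT);
        // Workaround for docker 4 mac
        builder.clientIntelligence(ClientIntelligence.BASIC);

        // Configure the security properties.
        // The user name and password are literals for this local reproduction only; outside a
        // throwaway test they belong in external configuration, not in source.
        // No TLS is configured on this client, so the connection relies on the SASL digest
        // exchange alone to protect the password.
        // NOTE(review): the server configuration on this page lists only DIGEST-SHA-256 for the
        // Hot Rod connector, while this client asks for DIGEST-MD5. Confirm which mechanism the
        // running server actually offers.
        builder.security().authentication()
                .username("adminuser")
                .password("12345678")
                .saslMechanism("DIGEST-MD5")
                .realm("default")
                .serverName("datagridAuth");

        // Connect to the server
        RemoteCacheManager cacheManager = new RemoteCacheManager(builder.build());
        try {
            // Create test cache, if such does not exist (an administrative operation)
            cacheManager.administration()
                    .withFlags(CacheContainerAdmin.AdminFlag.VOLATILE)
                    .getOrCreateCache("test", DefaultTemplate.DIST_SYNC);
            // Obtain the remote cache
            RemoteCache<String, String> cache = cacheManager.getCache("test");
            // Store two values
            cache.put("key", "value");
            cache.put("key2", "XX");
            // Retrieve the values and print them out
            System.out.printf("key = %s\n", cache.get("key"));
            System.out.printf("key2 = %s\n", cache.get("key2"));

            // Iterating the remote key set is the call that fails with ISPN000287 in the report.
            Set<String> remoteCacheKeySet = cache.keySet();
            for (String item : remoteCacheKeySet) {
                String val = cache.get(item);
                // Keys and values are passed as arguments, never as the format string itself:
                // a '%' inside cached data would otherwise be parsed as a format specifier.
                System.out.printf("key = %s = %s%n", item, val);
            }
        } finally {
            // Stop the cache manager and release all resources, even when a call above throws
            cacheManager.stop();
        }
    }
}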

当我执行程序时,我看到它正确检索了 key1 和 key2 ,但是在执行 keySet 操作时出现了 ISPN000287 错误。

以下是日志摘录:

19:07:10.923 [main] INFO  o.i.HOTROD - ISPN004021: Infinispan version: Infinispan 'Corona Extra' 11.0.9.Final
key = value
key2 = XX
19:07:11.088 [HotRod-client-async-pool-1-1] WARN  o.i.HOTROD - ISPN004005: Error received from the server: java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'null' lacks 'ADMIN' permission
Exception in thread "main" org.infinispan.client.hotrod.exceptions.HotRodClientException:Request for messageId=12 returned server error (status=0x85): java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'null' lacks 'ADMIN' permission
    at org.infinispan.client.hotrod.impl.protocol.Codec20.checkForErrorsInResponseStatus(Codec20.java:329)
    at org.infinispan.client.hotrod.impl.protocol.Codec20.readHeader(Codec20.java:168)

预先感谢您的帮助

此致


1 回答 1


这是一个错误:ISPN-12716

修复将包含在 Infinispan 12.1.0 和 12.0.1 中

于 2021-02-09T11:11:26.560 回答