不幸的是,我无法从缓存中检索密钥集,因为我收到以下错误:
ISPN000287:未经授权的访问:主题“null”缺少“ADMIN”权限
这很奇怪;因为在这个示例代码中,如果它不存在,我可以创建一个缓存(当然,如果你想创建一个缓存,你需要是管理员)但是我不能只检索该缓存的键集。
我是在做一些错误还是实际上存在错误?
重现步骤:
- 将附加的配置(infinispan.xml)放入:<SERVER_ROOT>/server/conf/infinispan.xml
<infinispan xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:infinispan:config:11.0 https://infinispan.org/schemas/infinispan-config-11.0.xsd
urn:infinispan:server:11.0 https://infinispan.org/schemas/infinispan-server-11.0.xsd"
xmlns="urn:infinispan:config:11.0"
xmlns:server="urn:infinispan:server:11.0">
<cache-container default-cache="secured"
name="clustered"
statistics="true">
<transport cluster="cbcluster"
stack="${infinispan.cluster.stack:tcp}"
node-name="${infinispan.node.name:}"/>
<security>
<authorization>
<identity-role-mapper/>
<role name="admin"
permissions="ALL"/>
<role name="reader"
permissions="READ"/>
<role name="writer"
permissions="WRITE"/>
<role name="supervisor"
permissions="READ WRITE EXEC"/>
<role name="cacheadmin"
permissions="ALL"/>
</authorization>
</security>
<local-cache name="secured">
<security>
<authorization/>
</security>
</local-cache>
<distributed-cache name="entrypoints"
mode="SYNC"
segments="20"
owners="2"
remote-timeout="30000">
<encoding media-type="application/x-protostream"/>
<locking isolation="READ_COMMITTED"
acquire-timeout="30000"
concurrency-level="1000"
striping="false"/>
<security>
<authorization roles="cacheadmin"/>
</security>
<transaction mode="NONE"/>
<!-- ( 24 hours ) -->
<expiration lifespan="86400000"/>
</distributed-cache>
</cache-container>
<server xmlns="urn:infinispan:server:11.0">
<interfaces>
<interface name="public">
<inet-address value="${infinispan.bind.address:127.0.0.1}"/>
</interface>
</interfaces>
<socket-bindings default-interface="public"
port-offset="${infinispan.socket.binding.port-offset:0}">
<socket-binding name="default"
port="${infinispan.bind.port:11222}"/>
<socket-binding name="memcached"
port="11221"/>
</socket-bindings>
<security>
<security-realms>
<security-realm name="default">
<!-- Uncomment to enable TLS on the realm -->
<!-- server-identities>
<ssl>
<keystore path="application.keystore" relative-to="infinispan.server.config.path"
keystore-password="password" alias="server" key-password="password"
generate-self-signed-certificate-host="localhost"/>
</ssl>
</server-identities-->
<properties-realm groups-attribute="Roles">
<user-properties path="users.properties"
relative-to="infinispan.server.config.path"
plain-text="true"/>
<group-properties path="groups.properties"
relative-to="infinispan.server.config.path"/>
</properties-realm>
</security-realm>
</security-realms>
</security>
<endpoints socket-binding="default"
security-realm="default">
<hotrod-connector name="hotrod"
cache-container="clustered">
<topology-state-transfer lock-timeout="1000"
replication-timeout="5000"/>
<!-- INIZIO -->
<authentication security-realm="default">
<sasl server-name="datagridAuth"
mechanisms="DIGEST-SHA-256"
qop="auth">
<policy>
<no-anonymous value="true"/>
</policy>
<property name="com.sun.security.sasl.digest.utf8">true</property>
</sasl>
</authentication>
<!-- FINE -->
</hotrod-connector>
<memcached-connector socket-binding="memcached"
cache-container="clustered"/>
<rest-connector name="rest"
cache-container="clustered">
<authentication mechanisms="DIGEST DIGEST-SHA-256"/>
</rest-connector>
</endpoints>
</server>
</infinispan>
运行服务器( bin/server.sh )
运行附带的 JAVA 程序
import java.io.IOException;
import java.util.Properties;
import java.util.Set;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.infinispan.client.hotrod.DefaultTemplate;
import org.infinispan.client.hotrod.RemoteCache;
import org.infinispan.client.hotrod.RemoteCacheManager;
import org.infinispan.client.hotrod.configuration.ClientIntelligence;
import org.infinispan.client.hotrod.configuration.ConfigurationBuilder;
import org.infinispan.client.hotrod.impl.ConfigurationProperties;
import org.infinispan.commons.api.CacheContainerAdmin;
public class InfinispanSample {
public static void main(String[] args) {
// Create a configuration for a locally-running server
ConfigurationBuilder builder = new ConfigurationBuilder();
builder.addServer().host("127.0.0.1").port(ConfigurationProperties.DEFAULT_HOTROD_PORT);
// Workaround for docker 4 mac
builder.clientIntelligence(ClientIntelligence.BASIC);
//Configure the security properties
builder.security().authentication()
.username("adminuser")
.password("12345678")
.saslMechanism("DIGEST-MD5")
.realm("default")
.serverName("datagridAuth");
// Connect to the server
RemoteCacheManager cacheManager = new RemoteCacheManager(builder.build());
// Create test cache, if such does not exist
cacheManager.administration().withFlags(CacheContainerAdmin.AdminFlag.VOLATILE).getOrCreateCache("test",
DefaultTemplate.DIST_SYNC);
// Obtain the remote cache
RemoteCache<String, String> cache = cacheManager.getCache("test");
/// Store a value
cache.put("key", "value");
cache.put("key2", "XX");
// Retrieve the value and print it out
System.out.printf("key = %s\n", cache.get("key"));
System.out.printf("key2 = %s\n", cache.get("key2"));
Set<String> remoteCacheKeySet = cache.keySet();
remoteCacheKeySet.stream().forEach(item -> {
String val = cache.get(item);
System.out.printf("key = " + item + " = " + val);
});
// Stop the cache manager and release all resources
cacheManager.stop();
}
}
当我执行程序时,我看到它正确检索了 key1 和 key2 ,但是在执行 keySet 操作时出现了 ISPN000287 错误。
在这里我发布一个摘录
19:07:10.923 [main] INFO o.i.HOTROD - ISPN004021: Infinispan version: Infinispan 'Corona Extra' 11.0.9.Final
key = value
key2 = XX
19:07:11.088 [HotRod-client-async-pool-1-1] WARN o.i.HOTROD - ISPN004005: Error received from the server: java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'null' lacks 'ADMIN' permission
Exception in thread "main" org.infinispan.client.hotrod.exceptions.HotRodClientException:Request for messageId=12 returned server error (status=0x85): java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'null' lacks 'ADMIN' permission
at org.infinispan.client.hotrod.impl.protocol.Codec20.checkForErrorsInResponseStatus(Codec20.java:329)
at org.infinispan.client.hotrod.impl.protocol.Codec20.readHeader(Codec20.java:168)
预先感谢您的帮助
此致