JDG on OpenShift Online - HotRodClientException despite proper permissions assigned to roles
I deployed JDG on OpenShift Online with the following
- Image stream "jboss-datagrid71-openshift-rhel7.json" v1.2
- username 'admin' with role 'admin' and '___schema_manager'
- And given the permissions of READ, WRITE, EXEC, ADMIN, ALL for both the roles. Tried with just 'ALL' also.
- **Refer images, Config-env-vars.png and Cache-env-vars.png within the attached Info.zip for the environment configurations done**.
While deploying client-side Java application (basically Hotrod with security enabled and with Protobuf based query feature), we are getting the following exception. Attached the logs from the DataGrid server and client application pods
Caused by: org.infinispan.client.hotrod.exceptions.HotRodClientException: java.lang.SecurityException: ISPN000287: Unauthorized access: subject 'Subject with principal(s): [SimpleUserPrincipal [name=admin], InetAddressPrincipal [address=10.131.14.124/10.131.14.124], admin@ApplicationRealm, admin@ApplicationRealm, ___schema_manager@ApplicationRealm, admin, ___schema_manager]' lacks 'WRITE' permission
**Client side Java code **
I use the following version of Infinispan from redhat repository
8.4.2.Final-redhat-1
ConfigurationBuilder builder = new ConfigurationBuilder(); builder.addServer() .host(host) .port(hotrodPort).security().authentication().serverName("jdg-server").saslMechanism("DIGEST-MD5").callbackHandler(new LoginHandler("admin", "password".toCharArray(), "ApplicationRealm")).enable() .marshaller(new ProtoStreamMarshaller()); // The Protobuf based marshaller is required for query capabilities cacheManager = new RemoteCacheManager(builder.build());
Please help us resolving this issue. Thanks in advance.
Responses