[
https://issues.jboss.org/browse/JGRP-1661?page=com.atlassian.jira.plugin....
]
Bela Ban updated JGRP-1661:
---------------------------
Fix Version/s: 3.3.4
3.4
AUTH bypasses join requests without auth_headers
------------------------------------------------
Key: JGRP-1661
URL:
https://issues.jboss.org/browse/JGRP-1661
Project: JGroups
Issue Type: Bug
Affects Versions: 3.3.3
Reporter: Sergey Tumashov
Assignee: Bela Ban
Fix For: 3.3.4, 3.4
The cluster coordinator allows new members to join the cluster if their join requests do
not contain auth headers.
A simple test case would involve two nodes. One node should be configured to use a
protocol stack with AUTH. The other node should use the same stack but with AUTH excluded.
The node that uses AUTH needs to be brought up first so it can become cluster coordinator.
The second node will now successfully join the cluster even though it does not send any
auth tokens along with its join requests.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:
http://www.atlassian.com/software/jira