[JBoss JIRA] (JGRP-2227) Use of AUTH does not result in a SecurityException, but instead nodes create separate clusters with the same name

Monday, 2 July 2018

    [
https://issues.jboss.org/browse/JGRP-2227?page=com.atlassian.jira.plugin....
] 

Bela Ban edited comment on JGRP-2227 at 7/2/18 3:35 AM:
--------------------------------------------------------

I don't see where you're returning false:
{code:java}
	public boolean authenticate(final AuthToken token, final Message arg1) {
		if (!(token instanceof AbstractInfinityAuthToken))
			return false;
		final AbstractInfinityAuthToken infinityToken = (AbstractInfinityAuthToken) token;
		checkMD(infinityToken.getToken().getTokenValue(), this.getToken().getTokenValue());
		return infinityToken.getToken().equals(this.getToken());
	}
{code}

But if I change this method to return false, the SecurityException is thrown (see below).
However, the SecurityException is wrapped in a regular Exception. hmm.. perhaps I should
change this...
{noformat}
java.lang.Exception: connecting to channel draw failed
	at org.jgroups.JChannel._connect(JChannel.java:904)
	at org.jgroups.JChannel.connect(JChannel.java:393)
	at org.jgroups.JChannel.connect(JChannel.java:384)
	at org.jgroups.demos.Draw.go(Draw.java:197)
	at org.jgroups.demos.Draw.main(Draw.java:160)
Caused by: java.lang.SecurityException: authentication failed
	at
org.jgroups.protocols.pbcast.ClientGmsImpl.isJoinResponseValid(ClientGmsImpl.java:181)
	at
org.jgroups.protocols.pbcast.ClientGmsImpl.installViewIfValidJoinRsp(ClientGmsImpl.java:147)
	at org.jgroups.protocols.pbcast.ClientGmsImpl.joinInternal(ClientGmsImpl.java:104)
	at org.jgroups.protocols.pbcast.ClientGmsImpl.join(ClientGmsImpl.java:40)
	at org.jgroups.protocols.pbcast.GMS.down(GMS.java:1066)
	at org.jgroups.protocols.FlowControl.down(FlowControl.java:300)
	at org.jgroups.protocols.FlowControl.down(FlowControl.java:300)
	at org.jgroups.protocols.FRAG3.down(FRAG3.java:135)
	at org.jgroups.stack.ProtocolStack.down(ProtocolStack.java:901)
	at org.jgroups.JChannel.down(JChannel.java:668)
	at org.jgroups.JChannel._connect(JChannel.java:897)
{noformat}

was (Author: belaban):
I don't see where you're returning false:
{code:java}
	public boolean authenticate(final AuthToken token, final Message arg1) {
		if (!(token instanceof AbstractInfinityAuthToken))
			return false;
		final AbstractInfinityAuthToken infinityToken = (AbstractInfinityAuthToken) token;
		checkMD(infinityToken.getToken().getTokenValue(), this.getToken().getTokenValue());
		return infinityToken.getToken().equals(this.getToken());
	}
{code}

But if I change this method to return false, the SecurityException is thrown (see below).
However, the SecurityException is wrapped in a regular Exception. hmm.. perhaps I should
change this...
{noformat}
{noformat}

...
 Use of AUTH does not result in a SecurityException, but instead nodes
create separate clusters with the same name

-----------------------------------------------------------------------------------------------------------------

                 Key: JGRP-2227
                 URL: https://issues.jboss.org/browse/JGRP-2227
             Project: JGroups
          Issue Type: Bug
    Affects Versions: 4.0.6
            Reporter: Robert Cernak
            Assignee: Bela Ban
             Fix For: 4.0.12

         Attachments: jgroupsDoesNotThrowSecurityExceptionWithJgroups4012.zip,
jgroupsLogs.zip

 I implemented method org.jgroups.auth.AuthToken#authenticate(AuthToken token, Message
msg) in my class and its body contained only one line: return false; 
 In this way authentication should be false and I should get SecurityException.
 When I started joining of nodes together to form a cluster, instead of getting
SecurityException, nodes formed 2 different clusters with the same name.
 I am sure method was evaluated, since I tried to run it also with breakpoint, which was
triggered during joining process. 

--
This message was sent by Atlassian JIRA
(v7.5.0#75005)

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006