[jboss-jira] [JBoss JIRA] Resolved: (JGRP-1255) AUTH: merging bypasses authorization process
Bela Ban (JIRA)
jira-events at lists.jboss.org
Thu Dec 2 10:21:04 EST 2010
[ https://jira.jboss.org/browse/JGRP-1255?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bela Ban resolved JGRP-1255.
----------------------------
Resolution: Done
> AUTH: merging bypasses authorization process
> --------------------------------------------
>
> Key: JGRP-1255
> URL: https://jira.jboss.org/browse/JGRP-1255
> Project: JGroups
> Issue Type: Bug
> Reporter: Bela Ban
> Assignee: Bela Ban
> Fix For: 2.12
>
>
> AUTH checks admission into the group at JOIN time, but *not* at MERGE time !
> To reproduce:
> - Copy auth.xml from JGroups/conf
> - Copy auth.xml to auth1.xml
> - Change the password in auth1.xml from "chris" to "chrissie"
> - Add <DISCARD use_gui="true"/> just above the transport to *both* auth.xml and auth1.xml
> - Start the instance A: java org.jgroups.demos.Draw -props ./auth.xml -name A
> - In the discard dialog box, click on "start discarding"
> - Start instance B: java org.jgroups.demos.Draw -props ./auth1.xml -name B
> - A and B will form 2 singleton clusters {A} and {B}
> - In instance A: click on "stop discarding" in the discard dialog box
> - A and B will merge into a cluster {A,B}
> SOLUTION: AUTH also needs to hook into the merge process and prevent a merge if authorization fails
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list