[jboss-jira] [JBoss JIRA] Created: (JGRP-1255) AUTH: merging bypasses authorization process
Bela Ban (JIRA)
jira-events at lists.jboss.org
Thu Nov 25 11:23:30 EST 2010
AUTH: merging bypasses authorization process
--------------------------------------------
Key: JGRP-1255
URL: https://jira.jboss.org/browse/JGRP-1255
Project: JGroups
Issue Type: Bug
Reporter: Bela Ban
Assignee: Bela Ban
Fix For: 2.12
AUTH checks admission into the group at JOIN time, but *not* at MERGE time !
To reproduce:
- Copy auth.xml from JGroups/conf
- Copy auth.xml to auth1.xml
- Change the password in auth1.xml from "chris" to "chrissie"
- Add <DISCARD use_gui="true"/> just above the transport to *both* auth.xml and auth1.xml
- Start the instance A: java org.jgroups.demos.Draw -props ./auth.xml -name A
- In the discard dialog box, click on "start discarding"
- Start instance B: java org.jgroups.demos.Draw -props ./auth1.xml -name B
- A and B will form 2 singleton clusters {A} and {B}
- In instance A: click on "stop discarding" in the discard dialog box
- A and B will merge into a cluster {A,B}
SOLUTION: AUTH also needs to hook into the merge process and prevent a merge if authorization fails
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list