[jboss-jira] [JBoss JIRA] (JGRP-1661) AUTH bypasses join requests without auth_headers
Sergey Tumashov (JIRA)
jira-events at lists.jboss.org
Thu Jul 18 15:52:26 EDT 2013
[ https://issues.jboss.org/browse/JGRP-1661?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sergey Tumashov updated JGRP-1661:
----------------------------------
Issue Type: Bug (was: Feature Request)
> AUTH bypasses join requests without auth_headers
> ------------------------------------------------
>
> Key: JGRP-1661
> URL: https://issues.jboss.org/browse/JGRP-1661
> Project: JGroups
> Issue Type: Bug
> Affects Versions: 3.3.3
> Reporter: Sergey Tumashov
> Assignee: Bela Ban
>
> The cluster coordinator allows new members to join the cluster if their join requests do not contain auth headers.
> A simple test case would involve two nodes. One node should be configured to use a protocol stack with AUTH. The other node should use the same stack but with AUTH excluded. The node that uses AUTH needs to be brought up first so it can become cluster coordinator. The second node will now successfully join the cluster even though it does not send any auth tokens along with its join requests.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list