[jboss-jira] [JBoss JIRA] (JGRP-1661) AUTH bypasses join requests without auth_headers
Bela Ban (JIRA)
jira-events at lists.jboss.org
Mon Jul 22 02:47:26 EDT 2013
[ https://issues.jboss.org/browse/JGRP-1661?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bela Ban resolved JGRP-1661.
----------------------------
Resolution: Done
When a join or merge request with an AUTH header is encountered, the request will be denied. Also added support for message batches
> AUTH bypasses join requests without auth_headers
> ------------------------------------------------
>
> Key: JGRP-1661
> URL: https://issues.jboss.org/browse/JGRP-1661
> Project: JGroups
> Issue Type: Bug
> Affects Versions: 3.3.3
> Reporter: Sergey Tumashov
> Assignee: Bela Ban
> Fix For: 3.3.4, 3.4
>
>
> The cluster coordinator allows new members to join the cluster if their join requests do not contain auth headers.
> A simple test case would involve two nodes. One node should be configured to use a protocol stack with AUTH. The other node should use the same stack but with AUTH excluded. The node that uses AUTH needs to be brought up first so it can become cluster coordinator. The second node will now successfully join the cluster even though it does not send any auth tokens along with its join requests.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list