[jboss-jira] [JBoss JIRA] (JGRP-2207) Use of AUTH does result in a SecurityException if another client does not use AUTH
Bela Ban (JIRA)
issues at jboss.org
Tue Aug 8 09:12:00 EDT 2017
[ https://issues.jboss.org/browse/JGRP-2207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13445668#comment-13445668 ]
Bela Ban commented on JGRP-2207:
--------------------------------
If you set {{authenticate_coord}} to false, then you get the desired outcome, see the attached modified program.
IMO, a rogue member not being able to join a cluster is as good as receiving a security exception.
Note that {{AUTH}} may not be necessary with the new {{ASYM_ENCRYPT}} and {{SSL_KEY_EXCHANGE}} protocols, as the latter includes peer authentication.
[1] http://www.jgroups.org/manual4/index.html#ENCRYPT
> Use of AUTH does result in a SecurityException if another client does not use AUTH
> ----------------------------------------------------------------------------------
>
> Key: JGRP-2207
> URL: https://issues.jboss.org/browse/JGRP-2207
> Project: JGroups
> Issue Type: Bug
> Affects Versions: 4.0.4
> Reporter: Mirko Streckenbach
> Assignee: Bela Ban
> Fix For: 4.0.5
>
> Attachments: JGroupsAuthExample.java
>
>
> If there are two members in a cluster, one with AUTH configured and started first, so it can become the coordinator, and a second without AUTH, the documentation implies that the second should receive a SecurityException. Instead, it creates its own cluster. This works as expected if the second member uses AUTH, but has a different SecurityToken.