[jboss-jira] [JBoss JIRA] (JGRP-2207) Use of AUTH does result in a SecurityException if another client does not use AUTH

Mirko Streckenbach (JIRA) issues at jboss.org
Tue Aug 8 12:05:00 EDT 2017 

    [ https://issues.jboss.org/browse/JGRP-2207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13445822#comment-13445822 ] 

Mirko Streckenbach commented on JGRP-2207:
------------------------------------------

[~belaban] Your example has AUTH configured on both stacks which works fine. My example omits AUTH on the second stack, so only the coordinator has AUTH. In that case it does not work regardless of authenticate_coord (our original code has that set, I shortened it for the example). 
IMHO the following code is responsible:
{code}
        if(gms_hdr != null && needsAuthentication(gms_hdr)) {
            AuthHeader auth_hdr=msg.getHeader(id);
            if(auth_hdr == null)
                throw new IllegalStateException(String.format("found %s from %s but no AUTH header", gms_hdr, msg.src()));
            if(!handleAuthHeader(gms_hdr, auth_hdr, msg)) // authentication failed
                return null;    // don't pass up
        }
{code}
If this runs on the coordinator and the second stack tries to join an IllegalStateException is thrown and that results in the package dropped, without a rejection being sent. My suggestion would be to change it to something like (untested):
{code}
        if(gms_hdr != null && needsAuthentication(gms_hdr)) {
            AuthHeader auth_hdr=msg.getHeader(id);
            if(auth_hdr == null) {
                 log.warn(...)
                 sendRejectionMessage(gms_hdr.getType(), msg.getSrc(), "authentication failed");
                 return null;
            }
            if(!handleAuthHeader(gms_hdr, auth_hdr, msg)) // authentication failed
                return null;    // don't pass up
        }
{code}
However, this might have other side effects well beyond my understanding of JGroups

We are going to create distributed locks on top of the example, so a rogue cluster does not sound too good for us.

Thanks for your hints regarding AUTH and encryption. This is not something we plan on using right now, but might be a topic for the future.


> Use of AUTH does result in a SecurityException if another client does not use AUTH
> ----------------------------------------------------------------------------------
>
>                 Key: JGRP-2207
>                 URL: https://issues.jboss.org/browse/JGRP-2207
>             Project: JGroups
>          Issue Type: Bug
>    Affects Versions: 4.0.4
>            Reporter: Mirko Streckenbach
>            Assignee: Bela Ban
>             Fix For: 4.0.5
>
>         Attachments: JGroupsAuthExample.java, JGroupsAuthExample.java
>
>
> If there are two members in a cluster, one with AUTH configured and started first, so it can become the coordinator and a second without AUTH, the documentation implies that the second should receive a SecurityException. Instead, it creates it's own cluster. This works as expected if the second member uses AUTH, but has a different SecurityToken.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list