[jboss-jira] [JBoss JIRA] (JGRP-2207) Use of AUTH does not result in a SecurityException if another client does not use AUTH
Bela Ban (JIRA)
issues at jboss.org
Wed Aug 9 03:39:00 EDT 2017
[ https://issues.jboss.org/browse/JGRP-2207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13446082#comment-13446082 ]
Bela Ban commented on JGRP-2207:
--------------------------------
Got you: you want the second member's JOIN request to fail and it to terminate rather than forming a separate cluster.
Again, while I don't think forming a separate cluster is a bad idea (remember: the main goal is for the second member *not* to join the first member's cluster), I changed the code to:
{code:java}
AuthHeader auth_hdr=msg.getHeader(id);
if(auth_hdr == null) {
    sendRejectionMessage(gms_hdr.getType(), msg.src(), "no AUTH header found in message");
    throw new IllegalStateException(String.format("found %s from %s but no AUTH header", gms_hdr, msg.src()));
}
{code}
So now a rejection message is sent to the joiner before throwing the exception, which is a minimal non-invasive change.
WDYT?
> Use of AUTH does not result in a SecurityException if another client does not use AUTH
> --------------------------------------------------------------------------------------
>
> Key: JGRP-2207
> URL: https://issues.jboss.org/browse/JGRP-2207
> Project: JGroups
> Issue Type: Bug
> Affects Versions: 4.0.4
> Reporter: Mirko Streckenbach
> Assignee: Bela Ban
> Fix For: 4.0.5
>
> Attachments: JGroupsAuthExample.java, JGroupsAuthExample.java
>
>
> If there are two members in a cluster, one with AUTH configured and started first, so it can become the coordinator, and a second without AUTH, the documentation implies that the second should receive a SecurityException. Instead, it creates its own cluster. This works as expected if the second member uses AUTH, but has a different SecurityToken.