Uploaded image for project: 'JGroups'
  1. JGroups
  2. JGRP-1255

AUTH: merging bypasses authorization process

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved (View Workflow)
    • Major
    • Resolution: Done
    • None
    • 2.12
    • None
    • Medium

    Description

      AUTH checks admission into the group at JOIN time, but not at MERGE time !

      To reproduce:

      • Copy auth.xml from JGroups/conf
      • Copy auth.xml to auth1.xml
      • Change the password in auth1.xml from "chris" to "chrissie"
      • Add <DISCARD use_gui="true"/> just above the transport to both auth.xml and auth1.xml
      • Start the instance A: java org.jgroups.demos.Draw -props ./auth.xml -name A
      • In the discard dialog box, click on "start discarding"
      • Start instance B: java org.jgroups.demos.Draw -props ./auth1.xml -name B
      • A and B will form 2 singleton clusters {A}

        and

        {B}
      • In instance A: click on "stop discarding" in the discard dialog box
      • A and B will merge into a cluster {A,B}

      SOLUTION: AUTH also needs to hook into the merge process and prevent a merge if authorization fails

      Attachments

        Activity

          People

            rhn-engineering-bban Bela Ban
            rhn-engineering-bban Bela Ban
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: