Uploaded image for project: 'JGroups'
  1. JGroups
  2. JGRP-1255

AUTH: merging bypasses authorization process

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 2.12
    • None
    • None
    • Medium

      AUTH checks admission into the group at JOIN time, but not at MERGE time !

      To reproduce:

      • Copy auth.xml from JGroups/conf
      • Copy auth.xml to auth1.xml
      • Change the password in auth1.xml from "chris" to "chrissie"
      • Add <DISCARD use_gui="true"/> just above the transport to both auth.xml and auth1.xml
      • Start the instance A: java org.jgroups.demos.Draw -props ./auth.xml -name A
      • In the discard dialog box, click on "start discarding"
      • Start instance B: java org.jgroups.demos.Draw -props ./auth1.xml -name B
      • A and B will form 2 singleton clusters {A}

        and

        {B}
      • In instance A: click on "stop discarding" in the discard dialog box
      • A and B will merge into a cluster {A,B}

      SOLUTION: AUTH also needs to hook into the merge process and prevent a merge if authorization fails

              rhn-engineering-bban Bela Ban
              rhn-engineering-bban Bela Ban
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: