Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-8808

AUTH fails to validate AuthHeader

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 11.0.0.Beta1
    • 11.0.0.Alpha1
    • Clustering
    • None
    • Hide

      Set up AUTH, try to start two servers in a cluster.

      /subsystem=jgroups/stack=udp2/protocol=AUTH:add()
/subsystem=jgroups/stack=udp2/protocol=AUTH/property=auth_class:add(value=org.jgroups.auth.MD5Token)
/subsystem=jgroups/stack=udp2/protocol=AUTH/property=auth_value:add(value=mytoken)
/subsystem=jgroups/stack=udp2/protocol=AUTH/property=token_hash:add(value=MD5)
      Show
      Set up AUTH , try to start two servers in a cluster. /subsystem=jgroups/stack=udp2/protocol=AUTH:add() /subsystem=jgroups/stack=udp2/protocol=AUTH/property=auth_class:add(value=org.jgroups.auth.MD5Token) /subsystem=jgroups/stack=udp2/protocol=AUTH/property=auth_value:add(value=mytoken) /subsystem=jgroups/stack=udp2/protocol=AUTH/property=token_hash:add(value=MD5)

    Description

      When setting up AUTH protocol and starting two servers, they fail to establish a view, because they never authenticate to each other:

      Server 1:

      12:21:59,348 WARN  [org.jgroups.protocols.AUTH] (thread-2) rjanik: failed to validate AuthHeader (token: SimpleToken) from node2; dropping message

      Server 2:

      12:23:17,370 WARN  [org.jgroups.protocols.AUTH] (thread-1) node2: failed to validate AuthHeader (token: SimpleToken) from node2; dropping message
12:23:17,371 WARN  [org.jgroups.protocols.AUTH] (thread-1) node2: failed to validate AuthHeader (token: SimpleToken) from node2; dropping message
12:23:17,372 WARN  [org.jgroups.protocols.AUTH] (thread-2) node2: failed to validate AuthHeader (token: SimpleToken) from rjanik; dropping message
12:23:22,370 WARN  [org.jgroups.protocols.pbcast.GMS] (MergeTask,ee,node2) node2: merge is cancelled: did not get any merge responses from partition coordinators

      AUTH does not set up the auth_value field for the SimpleToken and MD5Token when creating them and it looks like setAuthToken is not called later. Those tokens then fail when authenticating, referencing the auth_value field.

      AUTH:

          public void setAuthClass(String class_name) throws Exception {
        Object obj=Class.forName(class_name).newInstance();
        auth_token=(AuthToken)obj;
        auth_token.setAuth(this);
    }

      MD5Token:

                  return (this.auth_value != null) && (serverToken.auth_value != null)
              && (this.auth_value.equalsIgnoreCase(serverToken.auth_value));

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-10285 AUTH fails to validate AuthHeader

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Activity

            People

              pferraro@redhat.com Paul Ferraro
              pferraro@redhat.com Paul Ferraro
              Richard Janik Richard Janik
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: