You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@geode.apache.org by "Bruce Schuchardt (JIRA)" <ji...@apache.org> on 2017/12/13 23:35:00 UTC

[jira] [Commented] (GEODE-4086) ClientHealthMonitor removing client - socket should be closed before cleanup is done

    [ https://issues.apache.org/jira/browse/GEODE-4086?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16290091#comment-16290091 ] 

Bruce Schuchardt commented on GEODE-4086:
-----------------------------------------

[~WireBaron] and I created a test to reproduce this issue and it shows that even though the ServerConnection has removed the client's credentials from its map the credentials are still in the Shiro ThreadContext and in the ServerConnection's clientUserAuths object and are used to authorize a message received during the shutdown of the connection.

We paused the health monitor thread just before closing the client's connection and then had the client send another message.  The message went through the proper authorization checks using established credentials even though we verified that ServerConnection's map no longer had the credentials.

We added more pause points to make the health monitor clear the clientUserAuths just before the ServerConnection reads the security Subject and observed that the Subject was still available.

We altered the test to close the socket before having the client send another message.  This resulted in a new ServerConnection that went through authentication and established its own credentials.


> ClientHealthMonitor removing client - socket should be closed before cleanup is done
> ------------------------------------------------------------------------------------
>
>                 Key: GEODE-4086
>                 URL: https://issues.apache.org/jira/browse/GEODE-4086
>             Project: Geode
>          Issue Type: Bug
>          Components: client/server
>            Reporter: Brian Baynes
>             Fix For: 1.4.0
>
>
> When ClientHealthMonitor decides to remove a client, it appears to initiate cleanup (including removing the client's unique ID/auth token) before ensuring the socket is closed, creating a race condition where the server may accept additional requests from the client before the connection is closed.  This results in an auth exception because the auth token for the client was already removed.
> Instead, the socket should be closed before the cleanup is done.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)