You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@geode.apache.org by "Owen Nichols (Jira)" <ji...@apache.org> on 2022/06/22 20:47:04 UTC
[jira] [Closed] (GEODE-9457) Investigate the behavior of CQ when authentication expires.
[ https://issues.apache.org/jira/browse/GEODE-9457?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Owen Nichols closed GEODE-9457.
-------------------------------
> Investigate the behavior of CQ when authentication expires.
> -----------------------------------------------------------
>
> Key: GEODE-9457
> URL: https://issues.apache.org/jira/browse/GEODE-9457
> Project: Geode
> Issue Type: Sub-task
> Components: core, security
> Reporter: Jinmei Liao
> Assignee: Jinmei Liao
> Priority: Major
> Labels: GeodeOperationAPI, pull-request-available
> Fix For: 1.15.0
>
>
> To ensure CQ message delivery when a user expires, we need to:
> # authorize the message when dispatching the message.
> # catch the AuthExpiredException and send REAUTHENTICATE message to the client
> # The client gets that message and re-authenticate
> # the message dispatcher will use the new subject to authorize the message again and try deliver
> # if client didn't re-authenticate back in a timely manner, the proxy should close the connection
> # make sure this also works in multi-user mode
> To have the message dispatcher to use the newly updated user to authorize the message, we need to be able to associate the new userId with the old userId. This would require
> 7: have the AuthenticateUserOp send the old userId if exists
> make sure to include tests in multi-server cases
--
This message was sent by Atlassian Jira
(v8.20.7#820007)