You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@zookeeper.apache.org by GitBox <gi...@apache.org> on 2020/10/13 04:27:15 UTC

[GitHub] [zookeeper] hanm commented on pull request #1101: ZOOKEEPER-3561: Generalize target authentication scheme for ZooKeeper authentication enforcement

hanm commented on pull request #1101:
URL: https://github.com/apache/zookeeper/pull/1101#issuecomment-707478148


   can't believe it take a year for me to re-review this. my bad.
   
   @arshadmohammad - basically we need make sure two things:
   * First, unauthorized clients will get an error code, so they know whats wrong.
   * The underlying connection should be closed, so rogue (or innocent unauthorized) clients will not waste server resource.
   
   What we have now:
   `cnxn.sendCloseSession()` will close the underlying connection. In our workflow, we have:
   `ReplyHeader replyHeader = new ReplyHeader(h.getXid(), 0, Code.SESSIONCLOSEDREQUIRESASLAUTH.intValue());
                   cnxn.sendResponse(replyHeader, null, "response");
                   cnxn.sendCloseSession();
                   cnxn.disableRecv();`
   So unauthorized client first gets the error code, then gets a con loss due to close underlying connection. Both are what we need, right? 


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org