[GEODE-9457] Investigate the behavior of CQ when authentication expires. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.15.0
Component/s: core, security
Labels:
- GeodeOperationAPI
- pull-request-available

Description

To ensure CQ message delivery when a user expires, we need to:

authorize the message when dispatching the message.
catch the AuthExpiredException and send REAUTHENTICATE message to the client
The client gets that message and re-authenticate
the message dispatcher will use the new subject to authorize the message again and try deliver
if client didn't re-authenticate back in a timely manner, the proxy should close the connection
make sure this also works in multi-user mode

To have the message dispatcher to use the newly updated user to authorize the message, we need to be able to associate the new userId with the old userId. This would require

7: have the AuthenticateUserOp send the old userId if exists

make sure to include tests in multi-server cases

Attachments

Issue Links

is related to

GEODE-9454 The client, if multiple operations are in flight, should not flood the authentication server with re-authentication requests.

Closed

links to

GitHub Pull Request #6835

Activity

People

Assignee:: Jinmei Liao

Reporter:: Jinmei Liao

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 23/Jul/21 23:02

Updated:: 22/Jun/22 20:46

Resolved:: 20/Sep/21 19:19