[ https://issues.apache.org/jira/browse/GEODE-2247?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15849028#comment-15849028 ]

Kevin Duling commented on GEODE-2247:
-------------------------------------
The reason why it is succeeding is because credentials are not required on the
HTTP endpoint 'ping'. Gfsh sets up a watchdog thread to connect to this
endpoint every 1/2 second to ensure the connection is still alive.

A few questions have come up while researching this.
* Should ping be secured?
* Does ping terminate the connection or is it kept alive between requests? If
it doesn't, will it if a 403 is returned?
* Why is it that gfsh fires this ping request off every 500ms? Isn't a
less-frequent time interval acceptable? 15 seconds? 30 seconds?

> GFSH connect over HTTP without credentials should fail earlier
> --------------------------------------------------------------
>
> Key: GEODE-2247
> URL: https://issues.apache.org/jira/browse/GEODE-2247
> Project: Geode
> Issue Type: Bug
> Components: gfsh, rest (admin), security
> Affects Versions: 1.0.0-incubating
> Reporter: Ben Moss
> Assignee: Kevin Duling
> Priority: Minor
> Labels: HttpService, gfsh, security
>
> With a SecurityManager configured and using GFSH over http, issuing a
> {{connect}} command without {{--user}} or {{--password}} will appear to
> succeed, responding with {{Successfully connected to: GemFire Manager HTTP
> service}}. However, if you then try to do anything in this session you will
> get an error {{Could not process command due to GemFire error. Error while
> processing command <list members> Reason : Error: Anonymous User}}.
> It seems like it should fail on the {{connect}}.