Review Request: QPID-3652: Fix cluster authentication.

Thu, 01 Dec 2011 13:09:21 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/2988/
-----------------------------------------------------------

Review request for qpid, Gordon Sim and Ted Ross.


Summary
-------

QPID-3652: Fix cluster authentication.

Only allow brokers that authenticate as the cluster-username to join a cluster.

New broker first connects to  a cluster broker authenticates as the 
cluster-username
and sends its CPG member ID to the qpid.cluster-credentials exchange.
The cluster broker that subsequently acts as updater verifies that the 
credentials are
valid before connecting to give the update.

NOTE: If you are using an ACL, the cluster-username must be allowed to
publish to the qpid.cluster-credentials exchange. E.g. in your ACL file:

acl allow foo@QPID publish exchange name=qpid.cluster-credentials


This addresses bug QPID-3652.
    https://issues.apache.org/jira/browse/QPID-3652


Diffs
-----

  /trunk/qpid/cpp/rubygen/amqpgen.rb 1209052 
  /trunk/qpid/cpp/src/Makefile.am 1209052 
  /trunk/qpid/cpp/src/cluster.mk 1209052 
  /trunk/qpid/cpp/src/qpid/UrlArray.h PRE-CREATION 
  /trunk/qpid/cpp/src/qpid/UrlArray.cpp PRE-CREATION 
  /trunk/qpid/cpp/src/qpid/broker/ConnectionState.h 1209052 
  /trunk/qpid/cpp/src/qpid/broker/SemanticState.h 1209052 
  /trunk/qpid/cpp/src/qpid/broker/SemanticState.cpp 1209052 
  /trunk/qpid/cpp/src/qpid/client/FailoverListener.cpp 1209052 
  /trunk/qpid/cpp/src/qpid/cluster/Cluster.h 1209052 
  /trunk/qpid/cpp/src/qpid/cluster/Cluster.cpp 1209052 
  /trunk/qpid/cpp/src/qpid/cluster/CredentialsExchange.h PRE-CREATION 
  /trunk/qpid/cpp/src/qpid/cluster/CredentialsExchange.cpp PRE-CREATION 
  /trunk/qpid/cpp/src/qpid/cluster/FailoverExchange.cpp 1209052 
  /trunk/qpid/cpp/src/qpid/cluster/InitialStatusMap.h 1209052 
  /trunk/qpid/cpp/src/qpid/cluster/InitialStatusMap.cpp 1209052 
  /trunk/qpid/cpp/src/tests/InitialStatusMap.cpp 1209052 
  /trunk/qpid/cpp/src/tests/brokertest.py 1209052 
  /trunk/qpid/cpp/src/tests/cluster_authentication_soak.cpp 1209052 
  /trunk/qpid/cpp/src/tests/cluster_tests.py 1209052 
  /trunk/qpid/cpp/xml/cluster.xml 1209052 

Diff: https://reviews.apache.org/r/2988/diff


Testing
-------

3 new tests in cluster_tests.py, tested by hand with ANONYMOUS, PLAIN and 
DIGEST-MD5 mechanisms.


Thanks,

Alan

Reply via email to