[jira] [Commented] (GEODE-4086) ClientHealthMonitor removing client - socket should be closed before cleanup is done

Wed, 13 Dec 2017 15:35:49 -0800 

    [ 
https://issues.apache.org/jira/browse/GEODE-4086?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16290091#comment-16290091
 ] 

Bruce Schuchardt commented on GEODE-4086:
-----------------------------------------

[~WireBaron] and I created a test to reproduce this issue and it shows that 
even though the ServerConnection has removed the client's credentials from its 
map the credentials are still in the Shiro ThreadContext and in the 
ServerConnection's clientUserAuths object and are used to authorize a message 
received during the shutdown of the connection.

We paused the health monitor thread just before closing the client's connection 
and then had the client send another message.  The message went through the 
proper authorization checks using established credentials even though we 
verified that ServerConnection's map no longer had the credentials.

We added more pause points to make the health monitor clear the clientUserAuths 
just before the ServerConnection reads the security Subject and observed that 
the Subject was still available.

We altered the test to close the socket before having the client send another 
message.  This resulted in a new ServerConnection that went through 
authentication and established its own credentials.


> ClientHealthMonitor removing client - socket should be closed before cleanup 
> is done
> ------------------------------------------------------------------------------------
>
>                 Key: GEODE-4086
>                 URL: https://issues.apache.org/jira/browse/GEODE-4086
>             Project: Geode
>          Issue Type: Bug
>          Components: client/server
>            Reporter: Brian Baynes
>             Fix For: 1.4.0
>
>
> When ClientHealthMonitor decides to remove a client, it appears to initiate 
> cleanup (including removing the client's unique ID/auth token) before 
> ensuring the socket is closed, creating a race condition where the server may 
> accept additional requests from the client before the connection is closed.  
> This results in an auth exception because the auth token for the client was 
> already removed.
> Instead, the socket should be closed before the cleanup is done.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to