[ https://issues.apache.org/jira/browse/GEODE-6717?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mario Kevo updated GEODE-6717: ------------------------------ Component/s: jmx > NotAuthorizedException during JMX scraping > ------------------------------------------ > > Key: GEODE-6717 > URL: https://issues.apache.org/jira/browse/GEODE-6717 > Project: Geode > Issue Type: Improvement > Components: jmx, security > Reporter: Mario Kevo > Assignee: Mario Kevo > Priority: Major > > {color:#333333}Geode shows the following log and the JMX statistics gathering > fails:{color} > {code:java} > [info 2019/04/29 15:02:39.609 CEST locator <RMI TCP Connection(23)-127.0.0.1> > tid=0x80] NotAuthorizedException: null not authorized for CLUSTER:READ > {code} > {color:#333333}To reproduce this start geode with access control enabled and > start JMX scraping (e.g. with jmx-exporter) from 2 processes using the same > credentials at the same time. What happens is that the first RMI TCP > connection is created, the user is authenticated and an Apache Shiro session > is created. If the second process starts collecting JMX info while the first > one is still running, his RMI TCP Connection will not create a new session, > but attach to the existing one. Once the first connection ends, the session > is stopped, the cache emptied and the second connection is left trying to > gather info without a valid session and credentials info.{color} > > {color:#333333}As I saw this is how Apache Shiro works:{color} > {color:#333333}To create a session it use method _getSession(boolean > create)._ In case there is already an existing session associated with the > same Subject, it is returned and create argument is ignored. If no session > exist and create is true, new session will be created, associated with that > Subject and then returned. > {color} > > {color:#333333}Workaround for this is checking how many processes are > connected to the session, and logout only if this is the latest process > connected on it.{color} > -- This message was sent by Atlassian JIRA (v7.6.3#76005)