[
https://issues.apache.org/jira/browse/GEODE-6717?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mario Kevo resolved GEODE-6717.
-------------------------------
Resolution: Fixed
Fix Version/s: 1.11.0
> NotAuthorizedException during JMX scraping
> ------------------------------------------
>
> Key: GEODE-6717
> URL: https://issues.apache.org/jira/browse/GEODE-6717
> Project: Geode
> Issue Type: Improvement
> Components: jmx, security
> Reporter: Mario Kevo
> Assignee: Mario Kevo
> Priority: Major
> Labels: needs-review, pull-request-available
> Fix For: 1.11.0
>
> Time Spent: 9h
> Remaining Estimate: 0h
>
> Geode shows the following log and the JMX statistics gathering
> fails:
> {code:java}
> [info 2019/04/29 15:02:39.609 CEST locator <RMI TCP Connection(23)-127.0.0.1>
> tid=0x80] NotAuthorizedException: null not authorized for CLUSTER:READ
> {code}
> To reproduce this, start Geode with access control enabled and
> start JMX scraping (e.g. with jmx-exporter) from 2 processes using the same
> credentials at the same time. What happens is that the first RMI TCP
> connection is created, the user is authenticated and an Apache Shiro session
> is created. If the second process starts collecting JMX info while the first
> one is still running, its RMI TCP connection will not create a new session,
> but attach to the existing one. Once the first connection ends, the session
> is stopped, the cache emptied and the second connection is left trying to
> gather info without a valid session and credentials info.
>
> As I saw, this is how Apache Shiro works:
> To create a session it uses the method _getSession(boolean create)_.
> In case there is already an existing session associated with the
> same Subject, it is returned and the create argument is ignored. If no session
> exists and create is true, a new session will be created, associated with that
> Subject and then returned.
>
> The workaround for this is to check how many processes are
> connected to the session, and to log out only if this is the last process
> connected to it.
>
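The failure sequence and the counting workaround described in the report, modelled as an added example that is not Geode's fix and not Shiro code. `SharedSession`, `closeNaive` and `closeCounted` are hypothetical names, and the session is a plain Java stand-in so the file runs without Shiro on the classpath.

```java
/** Constructed model: two JMX connections sharing one authenticated session. */
public class SharedSessionDemo {

    /** Hypothetical stand-in for the session shared by connections of one user. */
    static class SharedSession {
        private String principal;   // null means no authenticated user
        private int connections;    // connections currently attached

        // Mirrors the reported behaviour: an existing session is reused,
        // a new one is only set up when none exists yet.
        synchronized void attach(String user) {
            if (principal == null) principal = user;
            connections++;
        }

        // Reported behaviour: whichever connection ends first logs the session out.
        synchronized void closeNaive() {
            connections--;
            principal = null;
        }

        // Workaround from the report: log out only when the last connection leaves.
        synchronized void closeCounted() {
            if (--connections == 0) principal = null;
        }

        // Stand-in for a CLUSTER:READ-protected JMX read.
        synchronized String read() {
            if (principal == null)
                throw new SecurityException("null not authorized for CLUSTER:READ");
            return "stats for " + principal;
        }
    }

    // Replays the sequence: two scrapers attach, the first finishes,
    // the second then tries to read.
    static String scrape(boolean counted) {
        SharedSession s = new SharedSession();
        s.attach("monitor");                 // first scraper (constructed user name)
        s.attach("monitor");                 // second scraper, same credentials
        if (counted) s.closeCounted(); else s.closeNaive();
        try { return s.read(); }
        catch (SecurityException e) { return e.getMessage(); }
    }

    public static void main(String[] args) {
        System.out.println("naive  : " + scrape(false));
        System.out.println("counted: " + scrape(true));
    }
}
```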