[jira] (GEODE-2247) GFSH over HTTP succeeds without authentication

Tue, 31 Jan 2017 09:38:30 -0800 

     [ 
https://issues.apache.org/jira/browse/GEODE-2247?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kevin Duling updated GEODE-2247:
--------------------------------
    Comment: was deleted

(was: This may have been resolved by another fix already submitted.  I'm unable 
to reproduce this now.  The username/password is now prompted for.

{noformat}
kduling@kduling-mbpro:~/tmp$ gfsh run --file=http.gfsh 
1. Executing - start locator --name=loc-sec 
--security-properties-file=./security.properties --classpath=/Users/kduling/foo 
--bind-address=localhost

.....
Locator in /Users/kduling/tmp/loc-sec on localhost[10334] as loc-sec is 
currently online.
Process ID: 2425
Uptime: 3 seconds
Geode Version: 1.2.0-SNAPSHOT
Java Version: 1.8.0_92
Log File: /Users/kduling/tmp/loc-sec/loc-sec.log
JVM Arguments: 
-DgemfireSecurityPropertyFile=/Users/kduling/tmp/security.properties 
-Dgemfire.enable-cluster-configuration=true 
-Dgemfire.load-cluster-configuration-from-dir=false 
-Dgemfire.launcher.registerSignalHandlers=true -Djava.awt.headless=true 
-Dsun.rmi.dgc.server.gcInterval=9223372036854775806
Class-Path: 
/Users/kduling/Dev/pivotal/gemfire/open/geode-assembly/build/install/apache-geode/lib/geode-core-1.2.0-SNAPSHOT.jar:/Users/kduling/foo:/Users/kduling/Dev/pivotal/gemfire/open/geode-assembly/build/install/apache-geode/lib/geode-dependencies.jar

Please use "connect --locator=localhost[10334]" to connect Gfsh to the locator.

Authentication required to connect to the Manager.

Cluster configuration service is up and running.

2. Executing - start server --name=srv-sec 
--security-properties-file=./security.properties --classpath=/Users/kduling/foo 
--user=admin --start-rest-api --password=secret --locators=localhost[10334]

................
Server in /Users/kduling/tmp/srv-sec on 10.118.33.209[40404] as srv-sec is 
currently online.
Process ID: 2471
Uptime: 8 seconds
Geode Version: 1.2.0-SNAPSHOT
Java Version: 1.8.0_92
Log File: /Users/kduling/tmp/srv-sec/srv-sec.log
JVM Arguments: 
-DgemfireSecurityPropertyFile=/Users/kduling/tmp/security.properties 
-Dgemfire.security-username=admin -Dgemfire.locators=localhost[10334] 
-Dgemfire.use-cluster-configuration=true -Dgemfire.security-password=******** 
-Dgemfire.start-dev-rest-api=true -XX:OnOutOfMemoryError=kill -KILL %p 
-Dgemfire.launcher.registerSignalHandlers=true -Djava.awt.headless=true 
-Dsun.rmi.dgc.server.gcInterval=9223372036854775806
Class-Path: 
/Users/kduling/Dev/pivotal/gemfire/open/geode-assembly/build/install/apache-geode/lib/geode-core-1.2.0-SNAPSHOT.jar:/Users/kduling/foo:/Users/kduling/Dev/pivotal/gemfire/open/geode-assembly/build/install/apache-geode/lib/geode-dependencies.jar

3. Executing - connect --locator=localhost[10334] --user=admin --password=secret

Connecting to Locator at [host=localhost, port=10334] ..
Connecting to Manager at [host=10.118.33.209, port=1099] ..
Successfully connected to: [host=10.118.33.209, port=1099]

4. Executing - create region --name="regionA" --type=REPLICATE

Member  | Status
------- | --------------------------------------
srv-sec | Region "/regionA" created on "srv-sec"

kduling@kduling-mbpro:~/tmp$ gfsh
    _________________________     __
   / _____/ ______/ ______/ /____/ /
  / /  __/ /___  /_____  / _____  / 
 / /__/ / ____/  _____/ / /    / /  
/______/_/      /______/_/    /_/    1.2.0-SNAPSHOT

Monitor and Manage Apache Geode
gfsh>connect --locator=localhost[10334]
Connecting to Locator at [host=localhost, port=10334] ..
Connecting to Manager at [host=10.118.33.209, port=1099] ..
user:
{noformat})

> GFSH over HTTP succeeds without authentication
> ----------------------------------------------
>
>                 Key: GEODE-2247
>                 URL: https://issues.apache.org/jira/browse/GEODE-2247
>             Project: Geode
>          Issue Type: Bug
>          Components: gfsh, rest (admin), security
>            Reporter: Ben Moss
>            Assignee: Kevin Duling
>              Labels: HttpService, gfsh, security
>             Fix For: 1.1.0
>
>
> With a SecurityManager configured and using GFSH over http, issuing a 
> {{connect}} command without {{--user}} or {{--password}} will appear to 
> succeed, responding with {{Successfully connected to: GemFire Manager HTTP 
> service}}. However if you then try to do anything in this session you will 
> get an error {{Could not process command due to GemFire error. Error while 
> processing command <list members> Reason : Error: Anonymous User}}.
> It seems like it should fail on the {{connect}}.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to