[ https://issues.apache.org/jira/browse/GEODE-2247?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15849028#comment-15849028 ]

Kevin Duling commented on GEODE-2247:
-------------------------------------

The reason why it is succeeding is because credentials are not required on the HTTP endpoint 'ping'. Gfsh sets up a watchdog thread to connect to this endpoint every 1/2 second to ensure the connection is still alive.

A few questions have come up while researching this.
* Should ping be secured?
* Does ping terminate the connection or is it kept alive between requests? If it doesn't, will it if a 403 is returned?
* Why is it that gfsh fires this ping request off every 500ms? Isn't a less-frequent time interval acceptable? 15 seconds? 30 seconds?

> GFSH connect over HTTP without credentials should fail earlier
> --------------------------------------------------------------
>
>                 Key: GEODE-2247
>                 URL: https://issues.apache.org/jira/browse/GEODE-2247
>             Project: Geode
>          Issue Type: Bug
>          Components: gfsh, rest (admin), security
>   Affects Versions: 1.0.0-incubating
>            Reporter: Ben Moss
>            Assignee: Kevin Duling
>            Priority: Minor
>              Labels: HttpService, gfsh, security
>
> With a SecurityManager configured and using GFSH over http, issuing a
> {{connect}} command without {{--user}} or {{--password}} will appear to
> succeed, responding with {{Successfully connected to: GemFire Manager HTTP
> service}}. However if you then try to do anything in this session you will
> get an error {{Could not process command due to GemFire error. Error while
> processing command <list members> Reason : Error: Anonymous User}}.
> It seems like it should fail on the {{connect}}.

--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
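
The behaviour discussed in this thread, as an added example that is not part of the original messages or of Geode's code: a connect check that relies only on an unauthenticated ping reports success without credentials, while one that also requires an authenticated request fails at connect time. The `/ping` and `/members` paths, the credential pair and all function names are assumptions made for the demonstration.

```python
import base64, http.client, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for a management HTTP service: /ping is open, every
# other path requires HTTP Basic credentials. The paths and the credential
# pair are assumptions for this demo, not Geode's real endpoints.
VALID = "Basic " + base64.b64encode(b"admin:secret").decode()

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        if self.path == "/ping" or self.headers.get("Authorization") == VALID:
            self.send_response(200)
        else:
            self.send_response(401)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass

def status(port, path, auth=None):
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    try:
        conn.request("GET", path, headers={"Authorization": auth} if auth else {})
        return conn.getresponse().status
    finally:
        conn.close()

def connect_ping_only(port):
    # Behaviour described in the comment: the liveness check alone decides "connected".
    return status(port, "/ping") == 200

def connect_with_auth_probe(port, auth=None):
    # Fail early: one authenticated request must also succeed before reporting success.
    return status(port, "/ping") == 200 and status(port, "/members", auth) == 200

def demo():
    server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0: pick a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    try:
        return (connect_ping_only(port),               # no credentials, still "connected"
                connect_with_auth_probe(port),         # no credentials, rejected at connect
                connect_with_auth_probe(port, VALID))  # valid credentials, connected
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```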