[
https://issues.apache.org/jira/browse/GEODE-9457?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Owen Nichols closed GEODE-9457.
-------------------------------
> Investigate the behavior of CQ when authentication expires.
> -----------------------------------------------------------
>
> Key: GEODE-9457
> URL: https://issues.apache.org/jira/browse/GEODE-9457
> Project: Geode
> Issue Type: Sub-task
> Components: core, security
> Reporter: Jinmei Liao
> Assignee: Jinmei Liao
> Priority: Major
> Labels: GeodeOperationAPI, pull-request-available
> Fix For: 1.15.0
>
>
> To ensure CQ message delivery when a user expires, we need to:
> # authorize the message when dispatching the message.
> # catch the AuthExpiredException and send REAUTHENTICATE message to the
> client
> # The client gets that message and re-authenticate
> # the message dispatcher will use the new subject to authorize the message
> again and try deliver
> # if client didn't re-authenticate back in a timely manner, the proxy should
> close the connection
> # make sure this also works in multi-user mode
> To have the message dispatcher to use the newly updated user to authorize the
> message, we need to be able to associate the new userId with the old userId.
> This would require
> 7: have the AuthenticateUserOp send the old userId if exists
> make sure to include tests in multi-server cases
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
