[ https://issues.apache.org/jira/browse/GEODE-10243?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jinmei Liao resolved GEODE-10243.
---------------------------------
    Fix Version/s: 1.15.0
         Assignee: Jinmei Liao  (was: Dan Smith)
       Resolution: Fixed

> Old clients with durable queues should fail early if AuthenticationExpiredException is thrown
> ---------------------------------------------------------------------------------------------
>
>                 Key: GEODE-10243
>                 URL: https://issues.apache.org/jira/browse/GEODE-10243
>             Project: Geode
>          Issue Type: Improvement
>          Components: client queues
>            Reporter: Dan Smith
>            Assignee: Jinmei Liao
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 1.15.0
>
>
> As part of the changes for GEODE-9457, when an AuthenticationExpiredException
> is thrown from the SecurityManager during message dispatching, we send a
> message to 1.15 and newer clients asking them to re-authenticate.
>
> For 1.14 and older clients, we do not send a message. Instead, we just wait
> for the reauthenticate.wait.time to elapse and then close the connection.
>
> The net effect of this is that if users are doing cache operations from 1.14
> and older clients, and their SecurityManager expires the credentials of the
> old clients, they will sometimes see their clients re-authenticate themselves
> in that time window. This will mislead users into thinking that
> re-authentication works with old clients and client queues, even though we
> [have documented that we don't support it|https://github.com/apache/geode/blob/09b8b46ef2fa1d463be885c6fa39dbfe1f0e3e83/geode-docs/managing/security/implementing_authentication_expiry.html.md.erb#L35].
>
> Instead of allowing re-authentication to sometimes work in this unsupported
> use case, we should always fail so that it is clear to users that this use case
> is not supported.

--
This message was sent by Atlassian Jira
(v8.20.7#820007)