-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62088/
-----------------------------------------------------------
(Updated Sept. 7, 2017, 10:32 a.m.)
Review request for geode, Alexander Murmann, Galen O'Sullivan, Hitesh Khamesra,
and Udo Kohlmeyer.
Bugs: GEODE-3249
https://issues.apache.org/jira/browse/GEODE-3249
Repository: geode
Description (updated)
-------
This change leaves the security hole in place but allows you to plug it by
setting the system property
geode.disallow-internal-messages-without-credentials=true
Clients must be upgraded to the release containing this change if you set this
system property to true and client/server authentication is enabled. Otherwise
client messages to register PDX types or Instantiators will be rejected by the
servers.
New tests have been added to perform backward-compatibility testing with the
old security implementation and the internal message command classes have been
modified to perform validation of credentials if the system property is set to
true.
Diffs (updated)
-----
geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ServerConnection.java
b243d8ebb8f7fb698a4637c7a787ee2d7216f1f7
geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/AddPdxEnum.java
5a4a07b81b18d33e465bd3aa46ad4232b976b608
geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/AddPdxType.java
041e12fbd04e81f1f69520c53ef9c2f7481132fd
geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetFunctionAttribute.java
76cc4a59bff691c4760083861362825d70ba326e
geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetPDXEnumById.java
5e59640e5067ec8ac5fc50807ec276e1bdc025dd
geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetPDXIdForEnum.java
b0ebaf23f27e91278c7afe3648954ad6113206a8
geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetPDXIdForType.java
f2172ef4d8fa9f83929d8f5b2aa0c5377d7cf57e
geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetPDXTypeById.java
e46445bc96d735a66aa09330a1790b951591251e
geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetPdxEnums70.java
3fe9750f8577a70e4cda9e76da83070f6e6606b1
geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetPdxTypes70.java
e64683fb620985d698357912bb1d1b52e8b24681
geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterDataSerializers.java
eef5195eae3bedb414aa2e2fca748b31e0b27908
geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInstantiators.java
a402cb360f05f99442833e6098c736d2ac18d69a
geode-core/src/test/java/org/apache/geode/security/ClientAuthenticationDUnitTest.java
ca7b2b6b7a2c8d8215eda828901a05dcabdf3625
geode-core/src/test/java/org/apache/geode/security/ClientAuthenticationPart2DUnitTest.java
f8ebe056e21228f1d9e32e1dd271f6a4bfb4af71
geode-core/src/test/java/org/apache/geode/security/ClientAuthenticationTestCase.java
0ecd72f4ee321f7f8aa5e998fa176551e45f025c
geode-core/src/test/java/org/apache/geode/security/ClientAuthorizationDUnitTest.java
09aedbec86f95ab9affa1f76b387a5a03c0098ec
geode-core/src/test/java/org/apache/geode/security/ClientAuthorizationTestCase.java
a4fd365ffaa51447d56c2bcb481311082ddcbc31
geode-core/src/test/java/org/apache/geode/security/SecurityTestUtils.java
e69f36de1efbd0061ad8621db45fe3a64686968e
geode-cq/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/MonitorCQ.java
f5e31df988f5955d2fbeef5269a7729ec97c9d03
geode-cq/src/test/java/org/apache/geode/security/ClientAuthorizationTwoDUnitTest.java
f5f686c0595c7500c4275292edb2e8f87593c67e
Diff: https://reviews.apache.org/r/62088/diff/2/
Changes: https://reviews.apache.org/r/62088/diff/1-2/
Testing
-------
Thanks,
Bruce Schuchardt
