[JOC-896] API calls should be handled correctly in case of fail-over of JOC Cockpit Cluster - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Released (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 1.13
Fix Version/s: 1.13.4
Component/s: None
Labels:
- patch

Description

Current Situation

The API calls

security/joc_cockpit_permissions
security/command_permissions
configurations

do end with an error in case of fail-over.

user is null Authorization header with basic based64part expected
JocAuthenticationException: token not valid

Desired Behavior

The API calls

security/joc_cockpit_permissions
security/command_permissions
configurations

should not end with an error in case of fail-over.

How to reproduce

Install two JOC Cockpit instances on two different servers.
Add the JOC Cockpit cluster configuration
with JOC Cockpit manage accounts
or direct in the shiro.ini.active configuration file

securityManager.sessionManager.globalSessionTimeout = 9000000
sessionDAO = com.sos.auth.shiro.SOSDistributedSessionDAO
securityManager.sessionManager.sessionDAO = $sessionDAO
*

Login in instance A using the login API call (use a REST client plugin for your browser)
Use one of the above API calls using the access-token returned by the login but now use the user instance.

Patch

A patch is available here

Attachments

Issue Links

links to

Patch for JOC-896

Activity

People

Assignee:: Uwe Risse

Reporter:: Uwe Risse

Approver:: Anuj Mandloi (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 26 February 2020 13:01

Updated:: 10 June 2020 17:01

Resolved:: 26 February 2020 13:25