4 Replies Latest reply on Apr 26, 2007 11:19 AM by belaban

    Securing Cluster: JGroup AUTH

    hollowm

      I'm trying to 'secure' a JBoss cluster (3 nodes) so that new nodes that are put up on the network do not join without proper authorization.

      I have configured the cluster-service.xml to give the cluster a unique name, so I can avoid problems with the default settings. What I would like to do, however, is secure it such that a node must pass some authorization to join (such as a username/password from an LDAP repository).

      I have been searching for information on the JGroups AUTH, but is seems to be few and far between (only these urls, not very useful: http://blogs.jboss.com/blog/bela/2005/12/16/JGroups_and_authentication_or_how_AUTH_came_to_be.txt and
      http://wiki.jboss.org/wiki/Wiki.jsp?page=Authentication
      and finally,
      http://wiki.jboss.org/wiki/Wiki.jsp?page=JGroupsAUTH)

      Is there more information out there on setting this up that I'm not looking in the right place for? This seems like it should be somewhat trivial, but I can't find it...

      Thanks for help or pointers.

        • 1. Re: Securing Cluster: JGroup AUTH
          belaban

          There's a design document which is part of JGroups: JGroups/doc/design/AUTH. There is also an AuthTest unit test which shows how to configure/use AUTH

          • 2. Re: Securing Cluster: JGroup AUTH
            hollowm

            I've searched for those items in your response, but cannot find them, about the closest I get is at this site http://www.jgroups.org/javagroupsnew/docs/papers.html. Can you point me to where exactly those are?

            Thanks.

            • 3. Re: Securing Cluster: JGroup AUTH
              hollowm

              I downloaded the source for JGroups, and was able to find some documentation on AUTH and ENCRYPT there, but I was left a little bit confused. I had assumed that AS clustering used JGroups already to perform clustering, but now I'm not so sure. The documentation for JGroups talks about installation of JGroups project, which leads me to believe that it is altogether a separate entity. If that is the case, how does it integrate, and how does it get used by the cluster?

              • 4. Re: Securing Cluster: JGroup AUTH
                belaban

                Yes, the docs are part of the JGroups CVS.
                Yes, JGroups is used for JBossAS clustering. The clustering software that uses JGroups is an MBean called ClusterPartition. Otherwise, all state related functionality (e.g. replication) is done on top of JBossCache, which uses the same JGroups JAR