Affects Version/s: 7.0.X, 7.1.X, Master
com.liferay.portal.servlet.filters.secure.NonceUtil uses a DelayQueue to save the generated nonces. This queue is individual per node, so a generated nonce can only be retrieved from the node that generates it.
Steps to Reproduce:
1.- Start a cluster with a couple of nodes
2.- Execute in one of the nodes the follwing script:
3.- With the generated nonce, for example C480f83bcb6bA813d2cdaL8V5c592eeO execute the following script (on the remaining node) to check if the nonce can be verified from the other node:
The nonce should be verified from the other node, hence printing Verify: true
The nonce can only be verified in the node where it was generated, hence printing Verify: false
Other test that must performed is the previous one, but executing step two with node2 down. The expected result would be the same.