Details
- Bug
- Status: Closed
- Resolution: Fixed
- 7.0.X, 7.1.X, Master
- 7.1.x, 7.0.x
- Committed
- 0.5
- 3
Description
com.liferay.portal.servlet.filters.secure.NonceUtil uses a DelayQueue to save the generated nonces. This queue is individual per node, so a generated nonce can only be retrieved from the node that generates it.
Steps to Reproduce:
1. Start a cluster with a couple of nodes.
2. Execute the following script on one of the nodes:

    import com.liferay.portal.servlet.filters.secure.NonceUtil;
    String nonce = NonceUtil.generate(20099, "127.0.0.1");
    out.println("Generated nonce: " + nonce);

3. With the generated nonce, for example C480f83bcb6bA813d2cdaL8V5c592eeO, execute the following script on the remaining node to check whether the nonce can be verified from the other node:

    import com.liferay.portal.servlet.filters.secure.NonceUtil;
    out.println("Verify: " + NonceUtil.verify("C480f83bcb6bA813d2cdaL8V5c592eeO"));
Expected Result:
The nonce should be verified from the other node, hence printing Verify: true
Actual:
The nonce can only be verified in the node where it was generated, hence printing Verify: false
Another test that must be performed is the previous one, but executing step two with node2 down. The expected result would be the same.
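The behaviour described above can be reproduced outside a cluster with a small model. This is an added example, not Liferay's code and not the committed fix: the classes Nonce and Node are hypothetical, and a ConcurrentHashMap stands in for whatever cluster-wide store the nodes would share.

```java
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.*;

public class NonceClusterDemo {
    // Hypothetical nonce with a time-to-live, usable as a DelayQueue element.
    static final class Nonce implements Delayed {
        final String value; final long expiresAt;
        Nonce(String value, long ttlMillis) {
            this.value = value;
            this.expiresAt = System.currentTimeMillis() + ttlMillis;
        }
        public long getDelay(TimeUnit unit) {
            return unit.convert(expiresAt - System.currentTimeMillis(), TimeUnit.MILLISECONDS);
        }
        public int compareTo(Delayed o) {
            return Long.compare(getDelay(TimeUnit.MILLISECONDS), o.getDelay(TimeUnit.MILLISECONDS));
        }
        @Override public boolean equals(Object o) { return o instanceof Nonce && ((Nonce) o).value.equals(value); }
        @Override public int hashCode() { return value.hashCode(); }
    }
    // One instance per cluster node. With shared == null the node only knows its own queue.
    static final class Node {
        private final DelayQueue<Nonce> local = new DelayQueue<>();
        private final Map<String, Long> shared;
        Node(Map<String, Long> shared) { this.shared = shared; }
        String generate(long ttlMillis) {
            String value = UUID.randomUUID().toString();
            if (shared == null) local.put(new Nonce(value, ttlMillis));
            else shared.put(value, System.currentTimeMillis() + ttlMillis);
            return value;
        }
        boolean verify(String value) {
            if (shared == null) {
                while (local.poll() != null) { /* discard expired nonces */ }
                return local.contains(new Nonce(value, 0));
            }
            Long expiresAt = shared.get(value);
            return expiresAt != null && expiresAt > System.currentTimeMillis();
        }
    }
    public static void main(String[] args) {
        // Per-node queues: the nonce generated on node1 is unknown to node2.
        Node node1 = new Node(null), node2 = new Node(null);
        System.out.println("per-node queues: " + node2.verify(node1.generate(60_000)));
        // Shared store (assumption): any node can verify a nonce issued by another.
        Map<String, Long> store = new ConcurrentHashMap<>();
        Node node3 = new Node(store), node4 = new Node(store);
        System.out.println("shared store:    " + node4.verify(node3.generate(60_000)));
    }
}
```

In the per-node case the nonce also disappears when the generating node goes down, since it exists only in that node's memory.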