...
- There is logic in the Java client that re-authenticates when user attributes have somehow "disappeared" from the server; we can piggyback on this logic to handle the AuthenticationExpiredException.
- Older versions of the client only need to be notified of the exception; no re-authentication is required on older clients.
- When credentials expire and the client has multiple operations in flight, we need to prevent the client from sending multiple re-authentication requests to the authentication server.
Things to verify:
We need to make sure that in the following scenarios the behavior is acceptable and does not introduce any security leaks:
- multi-user mode
- register interests and CQ
- function execution on servers
Performance Impact
For on-demand re-authentication, credential expiration is discovered by the server; the client receives the notification and then initiates re-authentication. Client operations will be interrupted for some period. The client will try to re-authenticate only once for the interrupted operation and then run it again; hopefully it will succeed the second time.
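One way to coalesce re-authentication across concurrent operations and retry each interrupted operation once, as described in the list above and in this section. This is an added sketch, not the client's own code: `SingleFlightReauth`, the generation counter, the local `AuthenticationExpiredException` stand-in and the fake server are assumptions.

```java
import java.util.*;
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;

public class SingleFlightReauth {
    // Local stand-in for the server's "credentials expired" signal (assumption).
    static class AuthenticationExpiredException extends RuntimeException {}

    private final Object lock = new Object();
    private long generation = 0;           // bumped after each successful re-authentication
    private final Runnable authenticator;  // hypothetical call to the authentication server

    SingleFlightReauth(Runnable authenticator) { this.authenticator = authenticator; }

    long generation() { synchronized (lock) { return generation; } }

    // Re-authenticate only if no other thread has done so since `seen` was read.
    private void reauthenticate(long seen) {
        synchronized (lock) {
            if (generation != seen) return; // credentials were already refreshed
            authenticator.run();            // waiters block here instead of sending their own request
            generation++;
        }
    }

    // Run op; on expiry, re-authenticate (coalesced) and retry exactly once.
    <T> T execute(Callable<T> op) throws Exception {
        long seen = generation();
        try {
            return op.call();
        } catch (AuthenticationExpiredException e) {
            reauthenticate(seen);
            return op.call(); // a second expiry propagates to the caller
        }
    }

    public static void main(String[] args) throws Exception {
        AtomicInteger authRequests = new AtomicInteger();
        SingleFlightReauth client = new SingleFlightReauth(authRequests::incrementAndGet);
        // Constructed fake server: rejects every operation until one re-authentication has happened.
        Callable<String> op = () -> {
            if (client.generation() == 0) throw new AuthenticationExpiredException();
            return "ok";
        };
        ExecutorService pool = Executors.newFixedThreadPool(8);
        List<Future<String>> results = new ArrayList<>();
        for (int i = 0; i < 8; i++) results.add(pool.submit(() -> client.execute(op)));
        for (Future<String> f : results) f.get(); // rethrows if any operation failed
        pool.shutdown();
        System.out.println("operations=8 reauth requests=" + authRequests.get());
    }
}
```

Holding the lock across the authenticator call is deliberate: operations that hit the expiry at the same time wait for the first refresh and then retry with the new credentials instead of contacting the authentication server themselves.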
...