Posted to commits@activemq.apache.org by cl...@apache.org on 2017/01/09 17:17:59 UTC

[2/2] activemq-artemis git commit: ARTEMIS-899 don't log stack trace on authn failure

ARTEMIS-899 don't log stack trace on authn failure


Project: http://git-wip-us.apache.org/repos/asf/activemq-artemis/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq-artemis/commit/f1d67df5
Tree: http://git-wip-us.apache.org/repos/asf/activemq-artemis/tree/f1d67df5
Diff: http://git-wip-us.apache.org/repos/asf/activemq-artemis/diff/f1d67df5

Branch: refs/heads/master
Commit: f1d67df5e69737ca26cb65686b87391fbda9eadc
Parents: 2eb5198
Author: Justin Bertram <jb...@apache.org>
Authored: Fri Jan 6 15:32:52 2017 -0600
Committer: Clebert Suconic <cl...@apache.org>
Committed: Mon Jan 9 12:17:48 2017 -0500

----------------------------------------------------------------------
 .../protocol/core/impl/ActiveMQPacketHandler.java |  4 ++++
 .../artemis/core/server/ActiveMQServerLogger.java |  4 ++++
 .../security/jaas/CertificateLoginModule.java     |  2 +-
 .../spi/core/security/jaas/LDAPLoginModule.java   |  1 -
 .../core/security/jaas/PropertiesLoginModule.java | 18 +++++++-----------
 5 files changed, 16 insertions(+), 13 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/f1d67df5/artemis-server/src/main/java/org/apache/activemq/artemis/core/protocol/core/impl/ActiveMQPacketHandler.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/protocol/core/impl/ActiveMQPacketHandler.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/protocol/core/impl/ActiveMQPacketHandler.java
index 31ab624..d4a10c4 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/protocol/core/impl/ActiveMQPacketHandler.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/protocol/core/impl/ActiveMQPacketHandler.java
@@ -22,6 +22,7 @@ import java.util.Map;
 import org.apache.activemq.artemis.api.core.ActiveMQException;
 import org.apache.activemq.artemis.api.core.ActiveMQExceptionType;
 import org.apache.activemq.artemis.api.core.ActiveMQInternalErrorException;
+import org.apache.activemq.artemis.api.core.ActiveMQSecurityException;
 import org.apache.activemq.artemis.api.core.SimpleString;
 import org.apache.activemq.artemis.core.persistence.OperationContext;
 import org.apache.activemq.artemis.core.protocol.core.Channel;
@@ -174,6 +175,9 @@ public class ActiveMQPacketHandler implements ChannelHandler {
          protocolManager.addSessionHandler(request.getName(), handler);
 
          response = new CreateSessionResponseMessage(server.getVersion().getIncrementingVersion());
+      } catch (ActiveMQSecurityException e) {
+         ActiveMQServerLogger.LOGGER.securityProblemWhileCreatingSession(e.getMessage());
+         response = new ActiveMQExceptionMessage(e);
       } catch (ActiveMQException e) {
          if (e.getType() == ActiveMQExceptionType.INCOMPATIBLE_CLIENT_SERVER_VERSIONS) {
             incompatibleVersion = true;
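Review bot: The new `catch (ActiveMQSecurityException e)` branch writes `e.getMessage()` to the WARN log verbatim and hands the same exception to the client in `new ActiveMQExceptionMessage(e)`. PropertiesLoginModule in this same commit now appends the client-supplied user name to its failure messages; whether that text ends up in the ActiveMQSecurityException is not visible from this hunk. If it does, CR/LF in a user name could forge extra log lines, so control characters should be neutralised before the call to `securityProblemWhileCreatingSession`. A null message should be handled at the same point. The enclosing try block starts above the hunk and the following `catch (ActiveMQException e)` continues below it.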

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/f1d67df5/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java
index 564aabd..b52ed24 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java
@@ -1283,6 +1283,10 @@ public interface ActiveMQServerLogger extends BasicLogger {
       format = Message.Format.MESSAGE_FORMAT)
    void negativeGlobalAddressSize(long size);
 
+   @LogMessage(level = Logger.Level.WARN)
+   @Message(id = 222216, value = "Security problem while creating session: {0}", format = Message.Format.MESSAGE_FORMAT)
+   void securityProblemWhileCreatingSession(String message);
+
 
    @LogMessage(level = Logger.Level.ERROR)
    @Message(id = 224000, value = "Failure in initialisation", format = Message.Format.MESSAGE_FORMAT)
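Review bot: `securityProblemWhileCreatingSession(String message)` records only free text, so a run of failed session creations cannot be grouped by source from the log alone. If the caller has the connection's remote address available (not visible here), consider carrying it as its own parameter, e.g. `void securityProblemWhileCreatingSession(String remoteAddress, String message);` with the value `"Security problem while creating session from {0}: {1}"`. A short comment noting that `message` may contain client-supplied text would also help whoever writes parsers or alerts against id 222216. The interface continues outside the hunk.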

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/f1d67df5/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/CertificateLoginModule.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/CertificateLoginModule.java b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/CertificateLoginModule.java
index 9c10058..0625ba5 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/CertificateLoginModule.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/CertificateLoginModule.java
@@ -75,7 +75,7 @@ public abstract class CertificateLoginModule extends PropertiesLoader implements
       } catch (IOException ioe) {
          throw new LoginException(ioe.getMessage());
       } catch (UnsupportedCallbackException uce) {
-         throw new LoginException(uce.getMessage() + " Unable to obtain client certificates.");
+         throw new LoginException("Unable to obtain client certificates: " + uce.getMessage());
       }
       certificates = ((CertificateCallback) callbacks[0]).getCertificates();
 

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/f1d67df5/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java
index 5c2343a..48fc3b9 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java
@@ -209,7 +209,6 @@ public class LDAPLoginModule implements LoginModule {
          NamingEnumeration<SearchResult> results = context.search(getLDAPPropertyValue(USER_BASE), filter, constraints);
 
          if (results == null || !results.hasMore()) {
-            ActiveMQServerLogger.LOGGER.warn("User " + username + " not found in LDAP.");
             throw new FailedLoginException("User " + username + " not found in LDAP.");
          }
 

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/f1d67df5/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/PropertiesLoginModule.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/PropertiesLoginModule.java b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/PropertiesLoginModule.java
index 957bb8a..cbe5e4f 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/PropertiesLoginModule.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/PropertiesLoginModule.java
@@ -86,29 +86,25 @@ public class PropertiesLoginModule extends PropertiesLoader implements LoginModu
          tmpPassword = new char[0];
       }
       if (user == null) {
-         throw new FailedLoginException("user name is null");
+         throw new FailedLoginException("User is null");
       }
       String password = users.getProperty(user);
 
       if (password == null) {
-         throw new FailedLoginException("User does exist");
+         throw new FailedLoginException("User does not exist: " + user);
       }
 
-      //password is hashed
       try {
          hashProcessor = PasswordMaskingUtil.getHashProcessor(password);
-
-         if (!hashProcessor.compare(tmpPassword, password)) {
-            throw new FailedLoginException("Password does not match");
-         }
-         loginSucceeded = true;
       } catch (Exception e) {
-         if (debug) {
-            logger.debug("Exception getting a hash processor", e);
-         }
          throw new FailedLoginException("Failed to get hash processor");
       }
 
+      if (!hashProcessor.compare(tmpPassword, password)) {
+         throw new FailedLoginException("Password does not match for user: " + user);
+      }
+      loginSucceeded = true;
+
       if (debug) {
          logger.debug("login " + user);
       }
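Review bot: The two failure paths now throw distinguishable messages that embed the client-supplied name, `"User does not exist: " + user` and `"Password does not match for user: " + user`. If this text can reach the remote peer (the new catch in ActiveMQPacketHandler returns the security exception to the client, though the path from LoginException to that exception is not shown), the difference lets a caller tell valid account names from invalid ones. Consider throwing one uniform message for both branches and keeping the specific reason server-side, e.g. `if (debug) { logger.debug("User does not exist: " + user); }`. Separately, `catch (Exception e)` no longer logs `e`, so a malformed stored password hash now surfaces only as "Failed to get hash processor" with no cause. Moving `hashProcessor.compare` out of the try also means any exception it throws is no longer converted to a FailedLoginException. The method begins and ends outside the hunk.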