You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Robbie Gemmell (JIRA)" <ji...@apache.org> on 2015/06/02 16:55:17 UTC
[jira] [Updated] (QPIDJMS-65) updated SASL mechanism selection to
consider available credentials
[ https://issues.apache.org/jira/browse/QPIDJMS-65?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robbie Gemmell updated QPIDJMS-65:
----------------------------------
Component/s: qpid-jms-client
Description:
The SASL mechanism selection currently only looks at whether the server and client both support the mechanism. In cases tehre authentication credntials are required, we should also consider whether they are actually available and use another mechanism if they are not.
Original Text:
When the CRAM-MD5 SASL mechanism is used and no jms.username or jms.password parameter was specified in connection URI, a NullPointerExpception will be thrown, for example:
{code}TRACE org.apache.qpid.jms.transports.netty.NettyTcpTransport - Attempted write of: 8 bytes
TRACE org.apache.qpid.jms.transports.netty.NettyTcpTransport - New data read: 68 bytes incoming: UnpooledHeapByteBuf(ridx: 0, widx: 68, cap: 65536)
TRACE org.apache.qpid.jms.provider.amqp.AmqpProvider - Received from Broker 68 bytes: UnpooledHeapByteBuf(ridx: 0, widx: 68, cap: 65536)
TRACE org.apache.qpid.jms.provider.amqp.AmqpProvider - New Proton Event: CONNECTION_INIT
TRACE org.apache.qpid.jms.provider.amqp.AmqpProvider - New Proton Event: SESSION_INIT
TRACE org.apache.qpid.jms.provider.amqp.AmqpProvider - New Proton Event: CONNECTION_LOCAL_OPEN
DEBUG org.apache.qpid.jms.sasl.SaslMechanismFinder - Unknown SASL mechanism: [DIGEST-MD5]
INFO org.apache.qpid.jms.sasl.SaslMechanismFinder - Best match for SASL auth was: SASL-CRAM-MD5
TRACE org.apache.qpid.jms.transports.netty.NettyTcpTransport - Attempted write of: 24 bytes
TRACE org.apache.qpid.jms.transports.netty.NettyTcpTransport - New data read: 55 bytes incoming: UnpooledHeapByteBuf(ridx: 0, widx: 55, cap: 65536)
TRACE org.apache.qpid.jms.provider.amqp.AmqpProvider - Received from Broker 55 bytes: UnpooledHeapByteBuf(ridx: 0, widx: 55, cap: 65536)
WARN org.apache.qpid.jms.provider.amqp.AmqpProvider - Caught Exception during update processing: null
java.lang.NullPointerException
at org.apache.qpid.jms.sasl.CramMD5Mechanism.getChallengeResponse(CramMD5Mechanism.java:57)
at org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.handleSaslStep(AmqpSaslAuthenticator.java:111)
at org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.authenticate(AmqpSaslAuthenticator.java:63)
at org.apache.qpid.jms.provider.amqp.AmqpConnection.processSaslAuthentication(AmqpConnection.java:155)
at org.apache.qpid.jms.provider.amqp.AmqpProvider.processUpdates(AmqpProvider.java:777)
at org.apache.qpid.jms.provider.amqp.AmqpProvider.access$1500(AmqpProvider.java:87)
at org.apache.qpid.jms.provider.amqp.AmqpProvider$16.run(AmqpProvider.java:667)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:178)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:292)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
javax.jms.JMSException: java.lang.NullPointerException
Exception occurred and was caught by onException
at org.apache.qpid.jms.exceptions.JmsExceptionSupport.create(JmsExceptionSupport.java:60)
at org.apache.qpid.jms.JmsConnection.onAsyncException(JmsConnection.java:1169)
at org.apache.qpid.jms.JmsConnection.onConnectionFailure(JmsConnection.java:1085)
at org.apache.qpid.jms.provider.amqp.AmqpProvider.fireProviderException(AmqpProvider.java:832)
at org.apache.qpid.jms.provider.amqp.AmqpProvider.processUpdates(AmqpProvider.java:781)
at org.apache.qpid.jms.provider.amqp.AmqpProvider.access$1500(AmqpProvider.java:87)
at org.apache.qpid.jms.provider.amqp.AmqpProvider$16.run(AmqpProvider.java:667)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:178)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:292)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.IOException: java.lang.NullPointerException
at org.apache.qpid.jms.util.IOExceptionSupport.create(IOExceptionSupport.java:45)
... 11 more
Caused by: java.lang.NullPointerException
at org.apache.qpid.jms.sasl.CramMD5Mechanism.getChallengeResponse(CramMD5Mechanism.java:57)
at org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.handleSaslStep(AmqpSaslAuthenticator.java:111)
at org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.authenticate(AmqpSaslAuthenticator.java:63)
at org.apache.qpid.jms.provider.amqp.AmqpConnection.processSaslAuthentication(AmqpConnection.java:155)
at org.apache.qpid.jms.provider.amqp.AmqpProvider.processUpdates(AmqpProvider.java:777)
... 9 more{code}
The PLAIN mechanism actually validates username and password and replaces it with empty string in case they are null. However, setting the password to empty string causes another exception in SecretKeySpec. So the password has to be set for example to space to make it work.
Is missing username or password (or set to empty string) actually a valid scenario? For example I don't think it can be configured on the Qpid C++ broker.
was:
When the CRAM-MD5 SASL mechanism is used and no jms.username or jms.password parameter was specified in connection URI, a NullPointerExpception will be thrown, for example:
{code}TRACE org.apache.qpid.jms.transports.netty.NettyTcpTransport - Attempted write of: 8 bytes
TRACE org.apache.qpid.jms.transports.netty.NettyTcpTransport - New data read: 68 bytes incoming: UnpooledHeapByteBuf(ridx: 0, widx: 68, cap: 65536)
TRACE org.apache.qpid.jms.provider.amqp.AmqpProvider - Received from Broker 68 bytes: UnpooledHeapByteBuf(ridx: 0, widx: 68, cap: 65536)
TRACE org.apache.qpid.jms.provider.amqp.AmqpProvider - New Proton Event: CONNECTION_INIT
TRACE org.apache.qpid.jms.provider.amqp.AmqpProvider - New Proton Event: SESSION_INIT
TRACE org.apache.qpid.jms.provider.amqp.AmqpProvider - New Proton Event: CONNECTION_LOCAL_OPEN
DEBUG org.apache.qpid.jms.sasl.SaslMechanismFinder - Unknown SASL mechanism: [DIGEST-MD5]
INFO org.apache.qpid.jms.sasl.SaslMechanismFinder - Best match for SASL auth was: SASL-CRAM-MD5
TRACE org.apache.qpid.jms.transports.netty.NettyTcpTransport - Attempted write of: 24 bytes
TRACE org.apache.qpid.jms.transports.netty.NettyTcpTransport - New data read: 55 bytes incoming: UnpooledHeapByteBuf(ridx: 0, widx: 55, cap: 65536)
TRACE org.apache.qpid.jms.provider.amqp.AmqpProvider - Received from Broker 55 bytes: UnpooledHeapByteBuf(ridx: 0, widx: 55, cap: 65536)
WARN org.apache.qpid.jms.provider.amqp.AmqpProvider - Caught Exception during update processing: null
java.lang.NullPointerException
at org.apache.qpid.jms.sasl.CramMD5Mechanism.getChallengeResponse(CramMD5Mechanism.java:57)
at org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.handleSaslStep(AmqpSaslAuthenticator.java:111)
at org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.authenticate(AmqpSaslAuthenticator.java:63)
at org.apache.qpid.jms.provider.amqp.AmqpConnection.processSaslAuthentication(AmqpConnection.java:155)
at org.apache.qpid.jms.provider.amqp.AmqpProvider.processUpdates(AmqpProvider.java:777)
at org.apache.qpid.jms.provider.amqp.AmqpProvider.access$1500(AmqpProvider.java:87)
at org.apache.qpid.jms.provider.amqp.AmqpProvider$16.run(AmqpProvider.java:667)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:178)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:292)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
javax.jms.JMSException: java.lang.NullPointerException
Exception occurred and was caught by onException
at org.apache.qpid.jms.exceptions.JmsExceptionSupport.create(JmsExceptionSupport.java:60)
at org.apache.qpid.jms.JmsConnection.onAsyncException(JmsConnection.java:1169)
at org.apache.qpid.jms.JmsConnection.onConnectionFailure(JmsConnection.java:1085)
at org.apache.qpid.jms.provider.amqp.AmqpProvider.fireProviderException(AmqpProvider.java:832)
at org.apache.qpid.jms.provider.amqp.AmqpProvider.processUpdates(AmqpProvider.java:781)
at org.apache.qpid.jms.provider.amqp.AmqpProvider.access$1500(AmqpProvider.java:87)
at org.apache.qpid.jms.provider.amqp.AmqpProvider$16.run(AmqpProvider.java:667)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:178)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:292)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.IOException: java.lang.NullPointerException
at org.apache.qpid.jms.util.IOExceptionSupport.create(IOExceptionSupport.java:45)
... 11 more
Caused by: java.lang.NullPointerException
at org.apache.qpid.jms.sasl.CramMD5Mechanism.getChallengeResponse(CramMD5Mechanism.java:57)
at org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.handleSaslStep(AmqpSaslAuthenticator.java:111)
at org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.authenticate(AmqpSaslAuthenticator.java:63)
at org.apache.qpid.jms.provider.amqp.AmqpConnection.processSaslAuthentication(AmqpConnection.java:155)
at org.apache.qpid.jms.provider.amqp.AmqpProvider.processUpdates(AmqpProvider.java:777)
... 9 more{code}
The PLAIN mechanism actually validates username and password and replaces it with empty string in case they are null. However, setting the password to empty string causes another exception in SecretKeySpec. So the password has to be set for example to space to make it work.
Is missing username or password (or set to empty string) actually a valid scenario? For example I don't think it can be configured on the Qpid C++ broker.
Fix Version/s: 0.3.0
Summary: updated SASL mechanism selection to consider available credentials (was: CRAM-MD5 SASL mechanism throws NullPointerException when no username or password is specified)
> updated SASL mechanism selection to consider available credentials
> ------------------------------------------------------------------
>
> Key: QPIDJMS-65
> URL: https://issues.apache.org/jira/browse/QPIDJMS-65
> Project: Qpid JMS
> Issue Type: Bug
> Components: qpid-jms-client
> Affects Versions: 0.2.0
> Reporter: Jakub Scholz
> Assignee: Robbie Gemmell
> Priority: Minor
> Fix For: 0.3.0
>
> Attachments: QPIDJMS-65.patch
>
>
> The SASL mechanism selection currently only looks at whether the server and client both support the mechanism. In cases tehre authentication credntials are required, we should also consider whether they are actually available and use another mechanism if they are not.
> Original Text:
> When the CRAM-MD5 SASL mechanism is used and no jms.username or jms.password parameter was specified in connection URI, a NullPointerExpception will be thrown, for example:
> {code}TRACE org.apache.qpid.jms.transports.netty.NettyTcpTransport - Attempted write of: 8 bytes
> TRACE org.apache.qpid.jms.transports.netty.NettyTcpTransport - New data read: 68 bytes incoming: UnpooledHeapByteBuf(ridx: 0, widx: 68, cap: 65536)
> TRACE org.apache.qpid.jms.provider.amqp.AmqpProvider - Received from Broker 68 bytes: UnpooledHeapByteBuf(ridx: 0, widx: 68, cap: 65536)
> TRACE org.apache.qpid.jms.provider.amqp.AmqpProvider - New Proton Event: CONNECTION_INIT
> TRACE org.apache.qpid.jms.provider.amqp.AmqpProvider - New Proton Event: SESSION_INIT
> TRACE org.apache.qpid.jms.provider.amqp.AmqpProvider - New Proton Event: CONNECTION_LOCAL_OPEN
> DEBUG org.apache.qpid.jms.sasl.SaslMechanismFinder - Unknown SASL mechanism: [DIGEST-MD5]
> INFO org.apache.qpid.jms.sasl.SaslMechanismFinder - Best match for SASL auth was: SASL-CRAM-MD5
> TRACE org.apache.qpid.jms.transports.netty.NettyTcpTransport - Attempted write of: 24 bytes
> TRACE org.apache.qpid.jms.transports.netty.NettyTcpTransport - New data read: 55 bytes incoming: UnpooledHeapByteBuf(ridx: 0, widx: 55, cap: 65536)
> TRACE org.apache.qpid.jms.provider.amqp.AmqpProvider - Received from Broker 55 bytes: UnpooledHeapByteBuf(ridx: 0, widx: 55, cap: 65536)
> WARN org.apache.qpid.jms.provider.amqp.AmqpProvider - Caught Exception during update processing: null
> java.lang.NullPointerException
> at org.apache.qpid.jms.sasl.CramMD5Mechanism.getChallengeResponse(CramMD5Mechanism.java:57)
> at org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.handleSaslStep(AmqpSaslAuthenticator.java:111)
> at org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.authenticate(AmqpSaslAuthenticator.java:63)
> at org.apache.qpid.jms.provider.amqp.AmqpConnection.processSaslAuthentication(AmqpConnection.java:155)
> at org.apache.qpid.jms.provider.amqp.AmqpProvider.processUpdates(AmqpProvider.java:777)
> at org.apache.qpid.jms.provider.amqp.AmqpProvider.access$1500(AmqpProvider.java:87)
> at org.apache.qpid.jms.provider.amqp.AmqpProvider$16.run(AmqpProvider.java:667)
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
> at java.util.concurrent.FutureTask.run(FutureTask.java:262)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:178)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:292)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> at java.lang.Thread.run(Thread.java:745)
> javax.jms.JMSException: java.lang.NullPointerException
> Exception occurred and was caught by onException
> at org.apache.qpid.jms.exceptions.JmsExceptionSupport.create(JmsExceptionSupport.java:60)
> at org.apache.qpid.jms.JmsConnection.onAsyncException(JmsConnection.java:1169)
> at org.apache.qpid.jms.JmsConnection.onConnectionFailure(JmsConnection.java:1085)
> at org.apache.qpid.jms.provider.amqp.AmqpProvider.fireProviderException(AmqpProvider.java:832)
> at org.apache.qpid.jms.provider.amqp.AmqpProvider.processUpdates(AmqpProvider.java:781)
> at org.apache.qpid.jms.provider.amqp.AmqpProvider.access$1500(AmqpProvider.java:87)
> at org.apache.qpid.jms.provider.amqp.AmqpProvider$16.run(AmqpProvider.java:667)
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
> at java.util.concurrent.FutureTask.run(FutureTask.java:262)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:178)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:292)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: java.io.IOException: java.lang.NullPointerException
> at org.apache.qpid.jms.util.IOExceptionSupport.create(IOExceptionSupport.java:45)
> ... 11 more
> Caused by: java.lang.NullPointerException
> at org.apache.qpid.jms.sasl.CramMD5Mechanism.getChallengeResponse(CramMD5Mechanism.java:57)
> at org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.handleSaslStep(AmqpSaslAuthenticator.java:111)
> at org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.authenticate(AmqpSaslAuthenticator.java:63)
> at org.apache.qpid.jms.provider.amqp.AmqpConnection.processSaslAuthentication(AmqpConnection.java:155)
> at org.apache.qpid.jms.provider.amqp.AmqpProvider.processUpdates(AmqpProvider.java:777)
> ... 9 more{code}
> The PLAIN mechanism actually validates username and password and replaces it with empty string in case they are null. However, setting the password to empty string causes another exception in SecretKeySpec. So the password has to be set for example to space to make it work.
> Is missing username or password (or set to empty string) actually a valid scenario? For example I don't think it can be configured on the Qpid C++ broker.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org