You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@activemq.apache.org by "Timothy Bish (Commented) (JIRA)" <ji...@apache.org> on 2011/12/20 15:03:31 UTC

[jira] [Commented] (AMQ-3625) NullPointer Exceptions when networked broker sends certificate with an invalid user name

    [ https://issues.apache.org/jira/browse/AMQ-3625?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13173204#comment-13173204 ] 

Timothy Bish commented on AMQ-3625:
-----------------------------------

The patch doesn't address the real issue here which is that the TransportConnection is continuing to process incoming commands from the its Transport after the detection of a Security violation from the Connection request.  It seems that the safer thing to do here would be to block processing of any additional incoming commands and terminate the connection after sending back a ConnectionError command to the connecting client.
                
> NullPointer Exceptions when networked broker sends certificate with an invalid user name
> ----------------------------------------------------------------------------------------
>
>                 Key: AMQ-3625
>                 URL: https://issues.apache.org/jira/browse/AMQ-3625
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 5.5.1
>            Reporter: Stan Lewis
>            Priority: Minor
>         Attachments: 0001-Avoid-NPE.patch
>
>
> Couple NPEs pop out when a connecting one broker to another using authentication if the authentication fails:
> WARN | Failed to add Connection ID:Susan-Javureks-MacBook-Pro-3.local-53150-1322608354523-5:1, reason: java.lang.SecurityException: User name [null] or password is invalid. No user for client certificate: CN=Dave Stanley, OU=FuseSource, O=Progress, L=Unknown, ST=MA, C=US
> WARN | Async error occurred: java.lang.SecurityException: User name [null] or password is invalid. No user for client certificate: CN=Dave Stanley, OU=FuseSource, O=Progress, L=Unknown, ST=MA, C=US
> java.lang.SecurityException: User name [null] or password is invalid. No user for client certificate: CN=Dave Stanley, OU=FuseSource, O=Progress, L=Unknown, ST=MA, C=US
> at org.apache.activemq.security.JaasCertificateAuthenticationBroker.addConnection(JaasCertificateAuthenticationBroker.java:102)
> at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:85)
> at org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:91)
> at org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:707)
> at org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:77)
> at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:139)
> at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:318)
> at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:181)
> at org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:69)
> at org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:113)
> at org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:227)
> at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)
> at org.apache.activemq.transport.tcp.SslTransport.doConsume(SslTransport.java:91)
> at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:223)
> at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:205)
> at java.lang.Thread.run(Thread.java:680)
> Caused by: javax.security.auth.login.FailedLoginException: No user for client certificate: CN=Dave Stanley, OU=FuseSource, O=Progress, L=Unknown, ST=MA, C=US
> at org.apache.activemq.jaas.CertificateLoginModule.login(CertificateLoginModule.java:93)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
> at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
> at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
> at org.apache.activemq.security.JaasCertificateAuthenticationBroker.addConnection(JaasCertificateAuthenticationBroker.java:87)
> ... 15 more
> {color:red}WARN | Async error occurred: java.lang.NullPointerException
> java.lang.NullPointerException{color}
> at org.apache.activemq.broker.TransportConnection.processAddProducer(TransportConnection.java:512)
> at org.apache.activemq.command.ProducerInfo.visit(ProducerInfo.java:105)
> at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:318)
> at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:181)
> at org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:69)
> at org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:113)
> at org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:227)
> at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)
> at org.apache.activemq.transport.tcp.SslTransport.doConsume(SslTransport.java:91)
> at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:223)
> at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:205)
> at java.lang.Thread.run(Thread.java:680)
> WARN | {color:red}Async error occurred: java.lang.NullPointerException
> java.lang.NullPointerException{color}
> at org.apache.activemq.broker.TransportConnection.processAddConsumer(TransportConnection.java:551)
> at org.apache.activemq.command.ConsumerInfo.visit(ConsumerInfo.java:349)
> at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:318)
> at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:181)
> at org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:69)
> at org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:113)
> at org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:227)
> at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)
> at org.apache.activemq.transport.tcp.SslTransport.doConsume(SslTransport.java:91)
> at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:223)
> at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:205)
> at java.lang.Thread.run(Thread.java:680)
> In this case the actual problem is the certificate doesn't match the configured password, but the two NPEs after this exception don't look good.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira