Posted to dev@qpid.apache.org by "Gordon Sim (JIRA)" <ji...@apache.org> on 2011/05/09 12:17:03 UTC

[jira] [Created] (QPID-3246) JMS client on 0-10 codepath sets chosen mech to PLAIN by default

JMS client on 0-10 codepath sets chosen mech to PLAIN by default
----------------------------------------------------------------

                 Key: QPID-3246
                 URL: https://issues.apache.org/jira/browse/QPID-3246
             Project: Qpid
          Issue Type: Improvement
            Reporter: Gordon Sim


Would be better to allow the underlying SASL libraries to determine the available mechs from those registered. As it is, changing from PLAIN requires explicit client configuration for Java - there is no negotiation by default.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org


[jira] [Commented] (QPID-3246) JMS client on 0-10 codepath sets chosen mech to PLAIN by default

Posted by "Gordon Sim (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/QPID-3246?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13030762#comment-13030762 ] 

Gordon Sim commented on QPID-3246:
----------------------------------

"If the broker is only supporting ANONYMOUS (or CRAM-MD5) then the client should throw an exception as it's configured to use PLAIN by default."

Right, and that is the problem. If the user hasn't explicitly restricted the acceptable mechanisms to PLAIN, why is the JMS client library doing so on their behalf? If that is what they want they can of course set the sasl_mechs. Barring any explicit restrictions however one would expect the client to allow any mechanism that it supports and that is offered by the broker to be used (i.e. the "mutually supported list").



[jira] [Commented] (QPID-3246) JMS client on 0-10 codepath sets chosen mech to PLAIN by default

Posted by "Rajith Attapattu (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/QPID-3246?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13030759#comment-13030759 ] 

Rajith Attapattu commented on QPID-3246:
----------------------------------------

Gordon, I looked at the code and it seems we do attempt to select a mutually supported list.
Let me test it out and see if it's indeed the case. If the broker is only supporting ANONYMOUS (or CRAM-MD5) then the client should throw an exception as it's configured to use PLAIN by default.

In the case you tested, was PLAIN one of the mutually supported mechs? If so then maybe the following might be the problem.

<code>
byte[] response = sc.hasInitialResponse() ? sc.evaluateChallenge(new byte[0]) : null;
conn.connectionStartOk(clientProperties, sc.getMechanismName(), response, conn.getLocale());
</code>

Perhaps the hasInitialResponse always chooses PLAIN if it's in the list.
Or does it choose the most secure mechanism? 
I can test this by having a broker configured with both ANONYMOUS, PLAIN



[jira] [Commented] (QPID-3246) JMS client on 0-10 codepath sets chosen mech to PLAIN by default

Posted by "Gordon Sim (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/QPID-3246?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13030751#comment-13030751 ] 

Gordon Sim commented on QPID-3246:
----------------------------------

"The JMS client does look at the mech list supported by the broker and will compile a list of mutually supported mechs." - doesn't seem to. It seems to have PLAIN set as the client-side default.

"Except for PLAIN (and CRAMMD5) every other mechanism needs explicit configuration (Ex KERBEROS, EXTERNAL), therefore specifying the mech explicitly isn't too much trouble either. In fact it's probably better to specify the mech explicitly in the case." - not entirely true, ANONYMOUS for example does not need any configuration. CRAM-MD5 likewise does not get chosen unless explicitly set, even if that is the only mutually supported mechanism.




[jira] [Commented] (QPID-3246) JMS client on 0-10 codepath sets chosen mech to PLAIN by default

Posted by "Rajith Attapattu (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/QPID-3246?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13030746#comment-13030746 ] 

Rajith Attapattu commented on QPID-3246:
----------------------------------------

The JMS client does look at the mech list supported by the broker and will compile a list of mutually supported mechs.
If there are no matching mechs an exception will be thrown.

The client then creates its SASL client based on the compatible set of mechs and will check to see if there is an initial response. I suspect that this step will always pick PLAIN if it was in the mix. Is that the issue here?

Except for PLAIN (and CRAMMD5) every other mechanism needs explicit configuration (Ex KERBEROS, EXTERNAL), therefore specifying the mech explicitly isn't too much trouble either. In fact it's probably better to specify the mech explicitly in the case.

Perhaps I misunderstood your point. Could you explain the circumstances behind the issue?



[jira] [Commented] (QPID-3246) JMS client on 0-10 codepath sets chosen mech to PLAIN by default

Posted by "Gordon Sim (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/QPID-3246?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13030779#comment-13030779 ] 

Gordon Sim commented on QPID-3246:
----------------------------------

There is a mechanism in place to dynamically register various available SASL mechanisms. Why not rely on that list if no explicit list is given, rather than coming up with some other hardcoded default?



[jira] [Commented] (QPID-3246) JMS client on 0-10 codepath sets chosen mech to PLAIN by default

Posted by "Rajith Attapattu (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/QPID-3246?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13030775#comment-13030775 ] 

Rajith Attapattu commented on QPID-3246:
----------------------------------------

We could modify the default list to contain ANONYMOUS, PLAIN and CRAM-MD5.
I believe this should solve the issue as all of the above mechs can be supported without additional configuration.
(This is assuming that the connection URL will always have the user information)



[jira] [Issue Comment Edited] (QPID-3246) JMS client on 0-10 codepath sets chosen mech to PLAIN by default

Posted by "Rajith Attapattu (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/QPID-3246?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13030759#comment-13030759 ] 

Rajith Attapattu edited comment on QPID-3246 at 5/9/11 3:06 PM:
----------------------------------------------------------------

Gordon, I looked at the code and it seems we do attempt to select a mutually supported list.
Let me test it out and see if it's indeed the case. If the broker is only supporting ANONYMOUS (or CRAM-MD5) then the client should throw an exception as it's configured to use PLAIN by default.

In the case you tested, was PLAIN one of the mutually supported mechs? If so then maybe the following might be the problem.

<code>
byte[] response = sc.hasInitialResponse() ? sc.evaluateChallenge(new byte[0]) : null;
conn.connectionStartOk(clientProperties, sc.getMechanismName(), response, conn.getLocale());
</code>

Perhaps the hasInitialResponse always chooses PLAIN if it's in the list.
Or does it choose the most secure mechanism? 
I can test this by having a broker configured with both ANONYMOUS, PLAIN & CRAM-MD5



[jira] [Resolved] (QPID-3246) JMS client on 0-10 codepath sets chosen mech to PLAIN by default

Posted by "Robbie Gemmell (Resolved) (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/QPID-3246?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robbie Gemmell resolved QPID-3246.
----------------------------------

       Resolution: Fixed
    Fix Version/s: 0.13

Resolving, linked QPID-3415 changed the 0-10 client to use the same system the 0-9 client does in offering all its supported mechanisms by default, though still allowing the existing manual method of specifying mechs for the 0-10 client to override those defaults.
                
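
The negotiation debated in this thread, as an added example that is not code from the Qpid client: using only the standard javax.security.sasl API, it builds the mutually supported list from an explicit client list or, when none is configured, from the mechanisms registered with the JVM, and shows which call actually chooses the mechanism. The class and method names, the "guest" credentials, and the "AMQP" and "localhost" arguments are assumptions made for the illustration.

```java
import java.util.*;
import javax.security.auth.callback.*;
import javax.security.sasl.*;

public class SaslMechNegotiation {
    // Constructed demo credentials; a real client would take these from its connection settings.
    static final CallbackHandler CREDS = callbacks -> {
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) ((NameCallback) cb).setName("guest");
            else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword("guest".toCharArray());
            else throw new UnsupportedCallbackException(cb);
        }
    };

    // Every mechanism with a SaslClientFactory registered in this JVM (sorted by name, not by strength).
    static List<String> registered() {
        Set<String> names = new TreeSet<>();
        for (Enumeration<SaslClientFactory> e = Sasl.getSaslClientFactories(); e.hasMoreElements();)
            names.addAll(Arrays.asList(e.nextElement().getMechanismNames(null)));
        return new ArrayList<>(names);
    }

    // Mutually supported list in client order; explicit == null means no restriction was configured.
    static String[] mutual(List<String> brokerOffer, List<String> explicit) throws SaslException {
        List<String> mechs = new ArrayList<>(explicit != null ? explicit : registered());
        mechs.retainAll(brokerOffer);
        if (mechs.isEmpty()) throw new SaslException("no mutually supported mechanism in " + brokerOffer);
        return mechs.toArray(new String[0]);
    }

    static String negotiate(List<String> brokerOffer, List<String> explicit) {
        try {
            SaslClient sc = Sasl.createSaslClient(mutual(brokerOffer, explicit), null,
                    "AMQP", "localhost", null, CREDS);
            if (sc == null) return "failed: no registered factory accepted the list";
            // createSaslClient has already chosen; hasInitialResponse() only describes that choice.
            return sc.getMechanismName() + " (initial response: " + sc.hasInitialResponse() + ")";
        } catch (SaslException e) {
            return "failed: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        List<String> cram = Arrays.asList("CRAM-MD5"), both = Arrays.asList("CRAM-MD5", "PLAIN");
        System.out.println(negotiate(cram, Arrays.asList("PLAIN")));  // hardcoded PLAIN default: fails
        System.out.println(negotiate(cram, null));                    // registered list: negotiates
        System.out.println(negotiate(both, Arrays.asList("PLAIN", "CRAM-MD5")));  // client order decides
        System.out.println(negotiate(both, Arrays.asList("CRAM-MD5", "PLAIN")));  // which mechanism wins
    }
}
```

Because the first matching entry in the array wins, a client that builds its default from the registered list should order that list deliberately if it wants PLAIN chosen only when nothing else matches.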