You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@qpid.apache.org by "Alex Rudyy (JIRA)" <ji...@apache.org> on 2018/06/19 12:49:00 UTC

[jira] [Resolved] (QPID-8208) [Broker-J] Improve handling of unexpected exceptions on establishing LDAP connections in SimpleLDAPAuthenticationProvider

     [ https://issues.apache.org/jira/browse/QPID-8208?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alex Rudyy resolved QPID-8208.
------------------------------
       Resolution: Invalid
    Fix Version/s:     (was: qpid-java-broker-7.0.6)

Closing JIRA as invalid as the root cause of the issue is [JVM defect JDK-8205330|https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8205330]


> [Broker-J] Improve handling of unexpected exceptions  on establishing LDAP connections in SimpleLDAPAuthenticationProvider
> --------------------------------------------------------------------------------------------------------------------------
>
>                 Key: QPID-8208
>                 URL: https://issues.apache.org/jira/browse/QPID-8208
>             Project: Qpid
>          Issue Type: Improvement
>          Components: Broker-J
>    Affects Versions: qpid-java-6.1.6, qpid-java-broker-7.0.3, qpid-java-broker-7.0.2, 0.32, qpid-java-6.0, qpid-java-6.0.1, qpid-java-6.0.2, qpid-java-6.0.3, qpid-java-6.0.4, qpid-java-6.0.5, qpid-java-6.1, qpid-java-6.0.6, qpid-java-6.1.1, qpid-java-6.1.2, qpid-java-6.0.7, qpid-java-6.1.3, qpid-java-6.0.8, qpid-java-6.1.4, qpid-java-broker-7.0.0, qpid-java-6.1.5, qpid-java-broker-7.0.1, qpid-java-broker-7.0.4
>            Reporter: Alex Rudyy
>            Priority: Critical
>         Attachments: 0001-QPID-8208-Broker-J-Improve-exception-handling.patch
>
>
> There is a weakness in Qpid exception handling when communication with external services like LDAP. The Broker should take a more defensive approach and handle unexpected exceptions thrown by underlying third-party API in addition to exceptions declared in API interfaces. The unexpected exceptions thrown by underlying API should not affect the stability of the Broker. 
> It was reported that on establishment of connection with LDAP using default context factory {{com.sun.jndi.ldap.LdapCtxFactory}} the creation of  {{InitialDirContext}} can end-up in unexpected exception thrown from {{com.sun.jndi.ldap.LdapClient}}. It looks like a defect in {{com.sun.jndi.ldap.LdapClient}}, but I could not find any existing open bug report raised against JVM with similar behaviour. I think that Broker should catch unexpected exception, log it and report authentication failure back to the client.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org