You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Alex Rudyy (JIRA)" <ji...@apache.org> on 2018/06/19 12:49:00 UTC
[jira] [Resolved] (QPID-8208) [Broker-J] Improve handling of
unexpected exceptions on establishing LDAP connections in
SimpleLDAPAuthenticationProvider
[ https://issues.apache.org/jira/browse/QPID-8208?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alex Rudyy resolved QPID-8208.
------------------------------
Resolution: Invalid
Fix Version/s: (was: qpid-java-broker-7.0.6)
Closing JIRA as invalid as the root cause of the issue is [JVM defect JDK-8205330|https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8205330]
> [Broker-J] Improve handling of unexpected exceptions on establishing LDAP connections in SimpleLDAPAuthenticationProvider
> --------------------------------------------------------------------------------------------------------------------------
>
> Key: QPID-8208
> URL: https://issues.apache.org/jira/browse/QPID-8208
> Project: Qpid
> Issue Type: Improvement
> Components: Broker-J
> Affects Versions: qpid-java-6.1.6, qpid-java-broker-7.0.3, qpid-java-broker-7.0.2, 0.32, qpid-java-6.0, qpid-java-6.0.1, qpid-java-6.0.2, qpid-java-6.0.3, qpid-java-6.0.4, qpid-java-6.0.5, qpid-java-6.1, qpid-java-6.0.6, qpid-java-6.1.1, qpid-java-6.1.2, qpid-java-6.0.7, qpid-java-6.1.3, qpid-java-6.0.8, qpid-java-6.1.4, qpid-java-broker-7.0.0, qpid-java-6.1.5, qpid-java-broker-7.0.1, qpid-java-broker-7.0.4
> Reporter: Alex Rudyy
> Priority: Critical
> Attachments: 0001-QPID-8208-Broker-J-Improve-exception-handling.patch
>
>
> There is a weakness in Qpid exception handling when communication with external services like LDAP. The Broker should take a more defensive approach and handle unexpected exceptions thrown by underlying third-party API in addition to exceptions declared in API interfaces. The unexpected exceptions thrown by underlying API should not affect the stability of the Broker.
> It was reported that on establishment of connection with LDAP using default context factory {{com.sun.jndi.ldap.LdapCtxFactory}} the creation of {{InitialDirContext}} can end-up in unexpected exception thrown from {{com.sun.jndi.ldap.LdapClient}}. It looks like a defect in {{com.sun.jndi.ldap.LdapClient}}, but I could not find any existing open bug report raised against JVM with similar behaviour. I think that Broker should catch unexpected exception, log it and report authentication failure back to the client.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org