You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@qpid.apache.org by Fraser Adams <fr...@blueyonder.co.uk> on 2013/01/25 11:07:29 UTC

Could somebody *please* explain Java Connection URLs...:-)

It's a little embarrassing 'cause I've kind of been using these for a 
couple of years, but as they are ever so slightly obtuse :-> I've 
generally been lazy/pragmatic and did copy'n'paste of things that have 
worked.


Because of the various URL differences (the ones used by the python 
tools, the qpid::messaging amqp URL and the Java ConnectionURL I also 
wrote a ConnectionHelper class to allow me to specify URLs in any 
format). This class basically creates a Java ConnectionURL with sensible 
values filled in when I specify one of the shorter (AKA more 
convenient!!) formats.

I'm generally OK on the brokerList sub URLs and the options I put in 
there seem to be fine.....

However I've just been bitten. 'Cause I've been a bit lazy and mostly 
tested and tinkered with qpidd --auth no or actually used a proper 
user/password I ended up having defaults of guest:guest in 
ConnectionHelper. This hasn't hitherto been an issue for me but standing 
up a vanilla qpidd with auth yes the unsecured authentication username 
is anonymous *not* guest.....



The documentation 
http://qpid.apache.org/books/0.20/Programming-In-Apache-Qpid/html/QpidJNDI.html#id2553965 
says:

amqp://[<user>:<pass>@][<clientid>]<virtualhost>[?<option>='<value>'[&<option>='<value>']]

But I'm not convinced that's accurate. I've been hacking around with a 
few ConnectionURLs in a JNDI file and

# simple URL with user = guest
#connectionfactory.ConnectionFactory = 
amqp://guest:guest@clientid/test?brokerlist='tcp://localhost:5672'

# Omitting the clientid bit seems to work OK
#connectionfactory.ConnectionFactory = 
amqp://guest:guest@/test?brokerlist='tcp://localhost:5672'

# Omitting the virtualhost bit seems to work too, but the slash is 
important e.g. /test and / work test does not??
#connectionfactory.ConnectionFactory = 
amqp://guest:guest@/?brokerlist='tcp://localhost:5672'


But I *cannot* get/figure out how to do anonymous from a Java Client to 
a C++ broker.

According to the BNF form in the documentation
connectionfactory.ConnectionFactory = 
amqp://clientid/test?brokerlist='tcp://localhost:5672'

*should* work as [<user>:<pass>@] ought to be optional, but that just 
gives "connectionFactory lookup failed, retrying" with both --auth no 
and --auth yes

Same for

connectionfactory.ConnectionFactory = 
amqp://@clientid/test?brokerlist='tcp://localhost:5672'

If I do

connectionfactory.ConnectionFactory = 
amqp://:@clientid/test?brokerlist='tcp://localhost:5672'

That actually connects to a broker with --auth no, but barfs with an 
error "warning Failed to retrieve sasl username" on a broker with --auth yes

connectionfactory.ConnectionFactory = 
amqp://anonymous:@clientid/test?brokerlist='tcp://localhost:5672'
Actually connects to a broker with --auth no, but barfs with no error on 
a broker with --auth yes and a "connectionFactory lookup failed, retrying"

When I add info logging I get

main 2013-01-25 09:51:26,539 INFO [apache.qpid.client.AMQConnection] 
Connection:amqp://anonymous:********@clientid/test?brokerlist='tcp://localhost:5672'
main 2013-01-25 09:51:26,973 INFO 
[qpid.client.protocol.AMQProtocolSession] Using ProtocolVersion for 
Session:0-10
main 2013-01-25 09:51:26,995 INFO 
[qpid.client.handler.ClientMethodDispatcherImpl] New Method 
Dispatcher:AMQProtocolSession[null]
main 2013-01-25 09:51:27,016 INFO [apache.qpid.client.AMQConnection] 
Connecting with ProtocolHandler Version:0-10
main 2013-01-25 09:51:27,167 INFO [apache.qpid.client.AMQConnection] 
Unable to connect to broker at tcp://localhost:5672
org.apache.qpid.AMQException: *Cannot connect to broker: 
connection-forced: Authentication failed [error code 320: context in use*]
     at 
org.apache.qpid.client.AMQConnectionDelegate_0_10.makeBrokerConnection(AMQConnectionDelegate_0_10.java:203)
     at 
org.apache.qpid.client.AMQConnection.makeBrokerConnection(AMQConnection.java:609)
     at org.apache.qpid.client.A...............

Logging at DEBUG doesn't give any more useful info.

I've tried

connectionfactory.ConnectionFactory = 
amqp://anonymous:anonymous@clientid/test?brokerlist='tcp://localhost:5672'
connectionfactory.ConnectionFactory = 
amqp://anonymous:""@clientid/test?brokerlist='tcp://localhost:5672'
connectionfactory.ConnectionFactory = 
amqp://anonymous:''@clientid/test?brokerlist='tcp://localhost:5672'
connectionfactory.ConnectionFactory = amqp://anonymous: 
@clientid/test?brokerlist='tcp://localhost:5672'


and they *all* barf out :-(

So could someone please tell me what the magic incantation is on a Java 
ConnectionURL for connecting with anonymous from a Java Client to a C++ 
broker.

just to confirm too that I've tried qpid-config with no parameters to 
the same broker with auth on and off and that works fine so it looks 
like anonymous "authentication" is actually working, just not with Java.

I'm still using 0.12 if that makes any difference (hope to hit 0.20 soon 
but wanted to look at this first)


Any ideas??

Cheers,
Frase

Re: Could somebody *please* explain Java Connection URLs...:-)

Posted by Pavel Moravec <pm...@redhat.com>.
Hi Fraser,
sorry for later response, I was in a rush at work.

Yes my patch talks about internal variables "username" and "password".

Your suggestion makes sense - could you please attach it as a comment to the JIRA?

Thanks,
Pavel


----- Original Message -----
> From: "Fraser Adams" <fr...@blueyonder.co.uk>
> To: users@qpid.apache.org
> Sent: Friday, January 25, 2013 1:15:07 PM
> Subject: Re: Could somebody *please* explain Java Connection URLs...:-)
> 
> Hi Pavel,
> Thanks so much for the reply!
> So I'm thinking that this has always been the case with Java (despite
> the Jira referring to 0.18)? I'm thinking this is why I always ended
> up
> using guest:guest@ URLs when I started out, but it was a long time
> ago :-)
> 
> 
> You mention in the Jira comments at one point about:
> 
> "New version of patch. It again sets username to "anonymous" and
> password to "" (only when the credentials are missing)"
> 
> As I mentioned in my ramble below I actually tried *explicitly*
> doing:
> 
> amqp://anonymous:""@clientid/test?brokerlist='tcp://localhost:5672'
> 
> 
> in one of my tests, but that resulted in:
> 
> connectionfactory.ConnectionFactory=amqp://anonymous:""@clientid/test?brokerlist='tcp://localhost:5672',
> destination.publishedAddress=amq.match}
> main 2013-01-25 11:48:53,809 WARN
> [apache.qpid.jndi.PropertiesFileInitialContextFactory] Unable to
> createFactories:Illegal character in authority between indicies 7 and
> 1
> amqp://anonymous:""@clientid/test?brokerlist='tcp://localhost:5672'
>         ^
> createJMSSession() connectionFactory lookup failed, retrying
> 
> 
> 
> So I'm guessing that what you are talking about is "under the hood"
> and
> bypasses that particular test?? I personally think that this bug
> notice
> should be extended to cover implicit *and* explicit settings of
> anonymous - what d'you reckon?
> 
> 
> 
> The reason that I'm particularly interested in this issue now is that
> Bruno Matos noticed an issue with my recent Qpid GUI (well really in
> the
> back-end REST Server). He was running with a broker set to the
> default
> --auth yes and got the exception:
> 
> INFO org.apache.qpid.client.AMQConnection - Not a hard-error
> connection
> not closing: org.apache.qpid.AMQException: ch=1 id=7
> ExecutionException(errorCode=UNAUTHORIZED_ACCESS, commandId=14,
> classCode=0, commandCode=0, fieldIndex=0,
> description=unauthorized-access: authorised user id : anonymous@QPID
> but
> user id in message declared as guest
> (qpid/broker/SemanticState.cpp:484), errorInfo={}) [error code 403:
> access refused]
> 
> 
> So my reckoning was that issue was down to my ConnectionHelper class
> constructing a ConnectionURL of the form
> "amqp://guest:guest@clientid........" when no user/passwd is
> specified
> (which would be the case for a default URL created if no "-a" option
> had
> been specified).
> 
> I was planning on looking into that (defaulting it to anonymous
> rather
> than guest), hence my investigations, but it's looking like the
> underlying issue is deeper than my code. I guess that even when your
> patch makes it into the code base I'm going to have to be careful
> 'cause
> any patch will only work for up-to-date versions on the client
> runtime.
> 
> 
> Do you have any thoughts for a way 'round this or is Bruno (and
> others)
> just going to have to add guest as well as anonymous (or use proper
> usernames/passwds) if they run with --auth yes
> 
> Cheers (thanks for restoring my sanity :-))
> 
> Sorry Bruno - not sure there's much I can do to sort that particular
> issue that you'd seen unless Pavel has any good ideas here (though as
> I
> said previously you should be able to specify your own default
> connection using the -a option in QpidRestAPI so that the GUI will
> use
> that as the default - rather than having to add a new connection on
> the GUI)
> Frase
> 
> 
> 
> 
> On 25/01/13 10:41, Pavel Moravec wrote:
> > Hi Fraser,
> > there is a bug in Java client disallowing no credentials option,
> > see https://issues.apache.org/jira/browse/QPID-3396.
> >
> > Kind regards,
> > Pavel
> >
> >
> > ----- Original Message -----
> >> From: "Fraser Adams" <fr...@blueyonder.co.uk>
> >> To: users@qpid.apache.org
> >> Sent: Friday, January 25, 2013 11:07:29 AM
> >> Subject: Could somebody *please* explain Java Connection
> >> URLs...:-)
> >>
> >> It's a little embarrassing 'cause I've kind of been using these
> >> for a
> >> couple of years, but as they are ever so slightly obtuse :-> I've
> >> generally been lazy/pragmatic and did copy'n'paste of things that
> >> have
> >> worked.
> >>
> >>
> >> Because of the various URL differences (the ones used by the
> >> python
> >> tools, the qpid::messaging amqp URL and the Java ConnectionURL I
> >> also
> >> wrote a ConnectionHelper class to allow me to specify URLs in any
> >> format). This class basically creates a Java ConnectionURL with
> >> sensible
> >> values filled in when I specify one of the shorter (AKA more
> >> convenient!!) formats.
> >>
> >> I'm generally OK on the brokerList sub URLs and the options I put
> >> in
> >> there seem to be fine.....
> >>
> >> However I've just been bitten. 'Cause I've been a bit lazy and
> >> mostly
> >> tested and tinkered with qpidd --auth no or actually used a proper
> >> user/password I ended up having defaults of guest:guest in
> >> ConnectionHelper. This hasn't hitherto been an issue for me but
> >> standing
> >> up a vanilla qpidd with auth yes the unsecured authentication
> >> username
> >> is anonymous *not* guest.....
> >>
> >>
> >>
> >> The documentation
> >> http://qpid.apache.org/books/0.20/Programming-In-Apache-Qpid/html/QpidJNDI.html#id2553965
> >> says:
> >>
> >> amqp://[<user>:<pass>@][<clientid>]<virtualhost>[?<option>='<value>'[&<option>='<value>']]
> >>
> >> But I'm not convinced that's accurate. I've been hacking around
> >> with
> >> a
> >> few ConnectionURLs in a JNDI file and
> >>
> >> # simple URL with user = guest
> >> #connectionfactory.ConnectionFactory =
> >> amqp://guest:guest@clientid/test?brokerlist='tcp://localhost:5672'
> >>
> >> # Omitting the clientid bit seems to work OK
> >> #connectionfactory.ConnectionFactory =
> >> amqp://guest:guest@/test?brokerlist='tcp://localhost:5672'
> >>
> >> # Omitting the virtualhost bit seems to work too, but the slash is
> >> important e.g. /test and / work test does not??
> >> #connectionfactory.ConnectionFactory =
> >> amqp://guest:guest@/?brokerlist='tcp://localhost:5672'
> >>
> >>
> >> But I *cannot* get/figure out how to do anonymous from a Java
> >> Client
> >> to
> >> a C++ broker.
> >>
> >> According to the BNF form in the documentation
> >> connectionfactory.ConnectionFactory =
> >> amqp://clientid/test?brokerlist='tcp://localhost:5672'
> >>
> >> *should* work as [<user>:<pass>@] ought to be optional, but that
> >> just
> >> gives "connectionFactory lookup failed, retrying" with both --auth
> >> no
> >> and --auth yes
> >>
> >> Same for
> >>
> >> connectionfactory.ConnectionFactory =
> >> amqp://@clientid/test?brokerlist='tcp://localhost:5672'
> >>
> >> If I do
> >>
> >> connectionfactory.ConnectionFactory =
> >> amqp://:@clientid/test?brokerlist='tcp://localhost:5672'
> >>
> >> That actually connects to a broker with --auth no, but barfs with
> >> an
> >> error "warning Failed to retrieve sasl username" on a broker with
> >> --auth yes
> >>
> >> connectionfactory.ConnectionFactory =
> >> amqp://anonymous:@clientid/test?brokerlist='tcp://localhost:5672'
> >> Actually connects to a broker with --auth no, but barfs with no
> >> error
> >> on
> >> a broker with --auth yes and a "connectionFactory lookup failed,
> >> retrying"
> >>
> >> When I add info logging I get
> >>
> >> main 2013-01-25 09:51:26,539 INFO
> >> [apache.qpid.client.AMQConnection]
> >> Connection:amqp://anonymous:********@clientid/test?brokerlist='tcp://localhost:5672'
> >> main 2013-01-25 09:51:26,973 INFO
> >> [qpid.client.protocol.AMQProtocolSession] Using ProtocolVersion
> >> for
> >> Session:0-10
> >> main 2013-01-25 09:51:26,995 INFO
> >> [qpid.client.handler.ClientMethodDispatcherImpl] New Method
> >> Dispatcher:AMQProtocolSession[null]
> >> main 2013-01-25 09:51:27,016 INFO
> >> [apache.qpid.client.AMQConnection]
> >> Connecting with ProtocolHandler Version:0-10
> >> main 2013-01-25 09:51:27,167 INFO
> >> [apache.qpid.client.AMQConnection]
> >> Unable to connect to broker at tcp://localhost:5672
> >> org.apache.qpid.AMQException: *Cannot connect to broker:
> >> connection-forced: Authentication failed [error code 320: context
> >> in
> >> use*]
> >>       at
> >> org.apache.qpid.client.AMQConnectionDelegate_0_10.makeBrokerConnection(AMQConnectionDelegate_0_10.java:203)
> >>       at
> >> org.apache.qpid.client.AMQConnection.makeBrokerConnection(AMQConnection.java:609)
> >>       at org.apache.qpid.client.A...............
> >>
> >> Logging at DEBUG doesn't give any more useful info.
> >>
> >> I've tried
> >>
> >> connectionfactory.ConnectionFactory =
> >> amqp://anonymous:anonymous@clientid/test?brokerlist='tcp://localhost:5672'
> >> connectionfactory.ConnectionFactory =
> >> amqp://anonymous:""@clientid/test?brokerlist='tcp://localhost:5672'
> >> connectionfactory.ConnectionFactory =
> >> amqp://anonymous:''@clientid/test?brokerlist='tcp://localhost:5672'
> >> connectionfactory.ConnectionFactory = amqp://anonymous:
> >> @clientid/test?brokerlist='tcp://localhost:5672'
> >>
> >>
> >> and they *all* barf out :-(
> >>
> >> So could someone please tell me what the magic incantation is on a
> >> Java
> >> ConnectionURL for connecting with anonymous from a Java Client to
> >> a
> >> C++
> >> broker.
> >>
> >> just to confirm too that I've tried qpid-config with no parameters
> >> to
> >> the same broker with auth on and off and that works fine so it
> >> looks
> >> like anonymous "authentication" is actually working, just not with
> >> Java.
> >>
> >> I'm still using 0.12 if that makes any difference (hope to hit
> >> 0.20
> >> soon
> >> but wanted to look at this first)
> >>
> >>
> >> Any ideas??
> >>
> >> Cheers,
> >> Frase
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> > For additional commands, e-mail: users-help@qpid.apache.org
> >
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> For additional commands, e-mail: users-help@qpid.apache.org
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org

Re: Could somebody *please* explain Java Connection URLs...:-)

Posted by Fraser Adams <fr...@blueyonder.co.uk>.
Hi Pavel,
Thanks so much for the reply!
So I'm thinking that this has always been the case with Java (despite 
the Jira referring to 0.18)? I'm thinking this is why I always ended up 
using guest:guest@ URLs when I started out, but it was a long time ago :-)


You mention in the Jira comments at one point about:

"New version of patch. It again sets username to "anonymous" and 
password to "" (only when the credentials are missing)"

As I mentioned in my ramble below I actually tried *explicitly* doing:

amqp://anonymous:""@clientid/test?brokerlist='tcp://localhost:5672'


in one of my tests, but that resulted in:

connectionfactory.ConnectionFactory=amqp://anonymous:""@clientid/test?brokerlist='tcp://localhost:5672', 
destination.publishedAddress=amq.match}
main 2013-01-25 11:48:53,809 WARN 
[apache.qpid.jndi.PropertiesFileInitialContextFactory] Unable to 
createFactories:Illegal character in authority between indicies 7 and 1
amqp://anonymous:""@clientid/test?brokerlist='tcp://localhost:5672'
        ^
createJMSSession() connectionFactory lookup failed, retrying



So I'm guessing that what you are talking about is "under the hood" and 
bypasses that particular test?? I personally think that this bug notice 
should be extended to cover implicit *and* explicit settings of 
anonymous - what d'you reckon?



The reason that I'm particularly interested in this issue now is that 
Bruno Matos noticed an issue with my recent Qpid GUI (well really in the 
back-end REST Server). He was running with a broker set to the default 
--auth yes and got the exception:

INFO org.apache.qpid.client.AMQConnection - Not a hard-error connection
not closing: org.apache.qpid.AMQException: ch=1 id=7
ExecutionException(errorCode=UNAUTHORIZED_ACCESS, commandId=14,
classCode=0, commandCode=0, fieldIndex=0,
description=unauthorized-access: authorised user id : anonymous@QPID but
user id in message declared as guest
(qpid/broker/SemanticState.cpp:484), errorInfo={}) [error code 403:
access refused]


So my reckoning was that issue was down to my ConnectionHelper class 
constructing a ConnectionURL of the form 
"amqp://guest:guest@clientid........" when no user/passwd is specified 
(which would be the case for a default URL created if no "-a" option had 
been specified).

I was planning on looking into that (defaulting it to anonymous rather 
than guest), hence my investigations, but it's looking like the 
underlying issue is deeper than my code. I guess that even when your 
patch makes it into the code base I'm going to have to be careful 'cause 
any patch will only work for up-to-date versions on the client runtime.


Do you have any thoughts for a way 'round this or is Bruno (and others) 
just going to have to add guest as well as anonymous (or use proper 
usernames/passwds) if they run with --auth yes

Cheers (thanks for restoring my sanity :-))

Sorry Bruno - not sure there's much I can do to sort that particular 
issue that you'd seen unless Pavel has any good ideas here (though as I 
said previously you should be able to specify your own default 
connection using the -a option in QpidRestAPI so that the GUI will use 
that as the default - rather than having to add a new connection on the GUI)
Frase




On 25/01/13 10:41, Pavel Moravec wrote:
> Hi Fraser,
> there is a bug in Java client disallowing no credentials option, see https://issues.apache.org/jira/browse/QPID-3396.
>
> Kind regards,
> Pavel
>
>
> ----- Original Message -----
>> From: "Fraser Adams" <fr...@blueyonder.co.uk>
>> To: users@qpid.apache.org
>> Sent: Friday, January 25, 2013 11:07:29 AM
>> Subject: Could somebody *please* explain Java Connection URLs...:-)
>>
>> It's a little embarrassing 'cause I've kind of been using these for a
>> couple of years, but as they are ever so slightly obtuse :-> I've
>> generally been lazy/pragmatic and did copy'n'paste of things that
>> have
>> worked.
>>
>>
>> Because of the various URL differences (the ones used by the python
>> tools, the qpid::messaging amqp URL and the Java ConnectionURL I also
>> wrote a ConnectionHelper class to allow me to specify URLs in any
>> format). This class basically creates a Java ConnectionURL with
>> sensible
>> values filled in when I specify one of the shorter (AKA more
>> convenient!!) formats.
>>
>> I'm generally OK on the brokerList sub URLs and the options I put in
>> there seem to be fine.....
>>
>> However I've just been bitten. 'Cause I've been a bit lazy and mostly
>> tested and tinkered with qpidd --auth no or actually used a proper
>> user/password I ended up having defaults of guest:guest in
>> ConnectionHelper. This hasn't hitherto been an issue for me but
>> standing
>> up a vanilla qpidd with auth yes the unsecured authentication
>> username
>> is anonymous *not* guest.....
>>
>>
>>
>> The documentation
>> http://qpid.apache.org/books/0.20/Programming-In-Apache-Qpid/html/QpidJNDI.html#id2553965
>> says:
>>
>> amqp://[<user>:<pass>@][<clientid>]<virtualhost>[?<option>='<value>'[&<option>='<value>']]
>>
>> But I'm not convinced that's accurate. I've been hacking around with
>> a
>> few ConnectionURLs in a JNDI file and
>>
>> # simple URL with user = guest
>> #connectionfactory.ConnectionFactory =
>> amqp://guest:guest@clientid/test?brokerlist='tcp://localhost:5672'
>>
>> # Omitting the clientid bit seems to work OK
>> #connectionfactory.ConnectionFactory =
>> amqp://guest:guest@/test?brokerlist='tcp://localhost:5672'
>>
>> # Omitting the virtualhost bit seems to work too, but the slash is
>> important e.g. /test and / work test does not??
>> #connectionfactory.ConnectionFactory =
>> amqp://guest:guest@/?brokerlist='tcp://localhost:5672'
>>
>>
>> But I *cannot* get/figure out how to do anonymous from a Java Client
>> to
>> a C++ broker.
>>
>> According to the BNF form in the documentation
>> connectionfactory.ConnectionFactory =
>> amqp://clientid/test?brokerlist='tcp://localhost:5672'
>>
>> *should* work as [<user>:<pass>@] ought to be optional, but that just
>> gives "connectionFactory lookup failed, retrying" with both --auth no
>> and --auth yes
>>
>> Same for
>>
>> connectionfactory.ConnectionFactory =
>> amqp://@clientid/test?brokerlist='tcp://localhost:5672'
>>
>> If I do
>>
>> connectionfactory.ConnectionFactory =
>> amqp://:@clientid/test?brokerlist='tcp://localhost:5672'
>>
>> That actually connects to a broker with --auth no, but barfs with an
>> error "warning Failed to retrieve sasl username" on a broker with
>> --auth yes
>>
>> connectionfactory.ConnectionFactory =
>> amqp://anonymous:@clientid/test?brokerlist='tcp://localhost:5672'
>> Actually connects to a broker with --auth no, but barfs with no error
>> on
>> a broker with --auth yes and a "connectionFactory lookup failed,
>> retrying"
>>
>> When I add info logging I get
>>
>> main 2013-01-25 09:51:26,539 INFO [apache.qpid.client.AMQConnection]
>> Connection:amqp://anonymous:********@clientid/test?brokerlist='tcp://localhost:5672'
>> main 2013-01-25 09:51:26,973 INFO
>> [qpid.client.protocol.AMQProtocolSession] Using ProtocolVersion for
>> Session:0-10
>> main 2013-01-25 09:51:26,995 INFO
>> [qpid.client.handler.ClientMethodDispatcherImpl] New Method
>> Dispatcher:AMQProtocolSession[null]
>> main 2013-01-25 09:51:27,016 INFO [apache.qpid.client.AMQConnection]
>> Connecting with ProtocolHandler Version:0-10
>> main 2013-01-25 09:51:27,167 INFO [apache.qpid.client.AMQConnection]
>> Unable to connect to broker at tcp://localhost:5672
>> org.apache.qpid.AMQException: *Cannot connect to broker:
>> connection-forced: Authentication failed [error code 320: context in
>> use*]
>>       at
>> org.apache.qpid.client.AMQConnectionDelegate_0_10.makeBrokerConnection(AMQConnectionDelegate_0_10.java:203)
>>       at
>> org.apache.qpid.client.AMQConnection.makeBrokerConnection(AMQConnection.java:609)
>>       at org.apache.qpid.client.A...............
>>
>> Logging at DEBUG doesn't give any more useful info.
>>
>> I've tried
>>
>> connectionfactory.ConnectionFactory =
>> amqp://anonymous:anonymous@clientid/test?brokerlist='tcp://localhost:5672'
>> connectionfactory.ConnectionFactory =
>> amqp://anonymous:""@clientid/test?brokerlist='tcp://localhost:5672'
>> connectionfactory.ConnectionFactory =
>> amqp://anonymous:''@clientid/test?brokerlist='tcp://localhost:5672'
>> connectionfactory.ConnectionFactory = amqp://anonymous:
>> @clientid/test?brokerlist='tcp://localhost:5672'
>>
>>
>> and they *all* barf out :-(
>>
>> So could someone please tell me what the magic incantation is on a
>> Java
>> ConnectionURL for connecting with anonymous from a Java Client to a
>> C++
>> broker.
>>
>> just to confirm too that I've tried qpid-config with no parameters to
>> the same broker with auth on and off and that works fine so it looks
>> like anonymous "authentication" is actually working, just not with
>> Java.
>>
>> I'm still using 0.12 if that makes any difference (hope to hit 0.20
>> soon
>> but wanted to look at this first)
>>
>>
>> Any ideas??
>>
>> Cheers,
>> Frase
>>
>>
>>
>>
>>
>>
>>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> For additional commands, e-mail: users-help@qpid.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org

Re: Could somebody *please* explain Java Connection URLs...:-)

Posted by Pavel Moravec <pm...@redhat.com>.
Hi Fraser,
there is a bug in Java client disallowing no credentials option, see https://issues.apache.org/jira/browse/QPID-3396.

Kind regards,
Pavel


----- Original Message -----
> From: "Fraser Adams" <fr...@blueyonder.co.uk>
> To: users@qpid.apache.org
> Sent: Friday, January 25, 2013 11:07:29 AM
> Subject: Could somebody *please* explain Java Connection URLs...:-)
> 
> It's a little embarrassing 'cause I've kind of been using these for a
> couple of years, but as they are ever so slightly obtuse :-> I've
> generally been lazy/pragmatic and did copy'n'paste of things that
> have
> worked.
> 
> 
> Because of the various URL differences (the ones used by the python
> tools, the qpid::messaging amqp URL and the Java ConnectionURL I also
> wrote a ConnectionHelper class to allow me to specify URLs in any
> format). This class basically creates a Java ConnectionURL with
> sensible
> values filled in when I specify one of the shorter (AKA more
> convenient!!) formats.
> 
> I'm generally OK on the brokerList sub URLs and the options I put in
> there seem to be fine.....
> 
> However I've just been bitten. 'Cause I've been a bit lazy and mostly
> tested and tinkered with qpidd --auth no or actually used a proper
> user/password I ended up having defaults of guest:guest in
> ConnectionHelper. This hasn't hitherto been an issue for me but
> standing
> up a vanilla qpidd with auth yes the unsecured authentication
> username
> is anonymous *not* guest.....
> 
> 
> 
> The documentation
> http://qpid.apache.org/books/0.20/Programming-In-Apache-Qpid/html/QpidJNDI.html#id2553965
> says:
> 
> amqp://[<user>:<pass>@][<clientid>]<virtualhost>[?<option>='<value>'[&<option>='<value>']]
> 
> But I'm not convinced that's accurate. I've been hacking around with
> a
> few ConnectionURLs in a JNDI file and
> 
> # simple URL with user = guest
> #connectionfactory.ConnectionFactory =
> amqp://guest:guest@clientid/test?brokerlist='tcp://localhost:5672'
> 
> # Omitting the clientid bit seems to work OK
> #connectionfactory.ConnectionFactory =
> amqp://guest:guest@/test?brokerlist='tcp://localhost:5672'
> 
> # Omitting the virtualhost bit seems to work too, but the slash is
> important e.g. /test and / work test does not??
> #connectionfactory.ConnectionFactory =
> amqp://guest:guest@/?brokerlist='tcp://localhost:5672'
> 
> 
> But I *cannot* get/figure out how to do anonymous from a Java Client
> to
> a C++ broker.
> 
> According to the BNF form in the documentation
> connectionfactory.ConnectionFactory =
> amqp://clientid/test?brokerlist='tcp://localhost:5672'
> 
> *should* work as [<user>:<pass>@] ought to be optional, but that just
> gives "connectionFactory lookup failed, retrying" with both --auth no
> and --auth yes
> 
> Same for
> 
> connectionfactory.ConnectionFactory =
> amqp://@clientid/test?brokerlist='tcp://localhost:5672'
> 
> If I do
> 
> connectionfactory.ConnectionFactory =
> amqp://:@clientid/test?brokerlist='tcp://localhost:5672'
> 
> That actually connects to a broker with --auth no, but barfs with an
> error "warning Failed to retrieve sasl username" on a broker with
> --auth yes
> 
> connectionfactory.ConnectionFactory =
> amqp://anonymous:@clientid/test?brokerlist='tcp://localhost:5672'
> Actually connects to a broker with --auth no, but barfs with no error
> on
> a broker with --auth yes and a "connectionFactory lookup failed,
> retrying"
> 
> When I add info logging I get
> 
> main 2013-01-25 09:51:26,539 INFO [apache.qpid.client.AMQConnection]
> Connection:amqp://anonymous:********@clientid/test?brokerlist='tcp://localhost:5672'
> main 2013-01-25 09:51:26,973 INFO
> [qpid.client.protocol.AMQProtocolSession] Using ProtocolVersion for
> Session:0-10
> main 2013-01-25 09:51:26,995 INFO
> [qpid.client.handler.ClientMethodDispatcherImpl] New Method
> Dispatcher:AMQProtocolSession[null]
> main 2013-01-25 09:51:27,016 INFO [apache.qpid.client.AMQConnection]
> Connecting with ProtocolHandler Version:0-10
> main 2013-01-25 09:51:27,167 INFO [apache.qpid.client.AMQConnection]
> Unable to connect to broker at tcp://localhost:5672
> org.apache.qpid.AMQException: *Cannot connect to broker:
> connection-forced: Authentication failed [error code 320: context in
> use*]
>      at
> org.apache.qpid.client.AMQConnectionDelegate_0_10.makeBrokerConnection(AMQConnectionDelegate_0_10.java:203)
>      at
> org.apache.qpid.client.AMQConnection.makeBrokerConnection(AMQConnection.java:609)
>      at org.apache.qpid.client.A...............
> 
> Logging at DEBUG doesn't give any more useful info.
> 
> I've tried
> 
> connectionfactory.ConnectionFactory =
> amqp://anonymous:anonymous@clientid/test?brokerlist='tcp://localhost:5672'
> connectionfactory.ConnectionFactory =
> amqp://anonymous:""@clientid/test?brokerlist='tcp://localhost:5672'
> connectionfactory.ConnectionFactory =
> amqp://anonymous:''@clientid/test?brokerlist='tcp://localhost:5672'
> connectionfactory.ConnectionFactory = amqp://anonymous:
> @clientid/test?brokerlist='tcp://localhost:5672'
> 
> 
> and they *all* barf out :-(
> 
> So could someone please tell me what the magic incantation is on a
> Java
> ConnectionURL for connecting with anonymous from a Java Client to a
> C++
> broker.
> 
> just to confirm too that I've tried qpid-config with no parameters to
> the same broker with auth on and off and that works fine so it looks
> like anonymous "authentication" is actually working, just not with
> Java.
> 
> I'm still using 0.12 if that makes any difference (hope to hit 0.20
> soon
> but wanted to look at this first)
> 
> 
> Any ideas??
> 
> Cheers,
> Frase
> 
> 
> 
> 
> 
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org