You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@activemq.apache.org by "SL (Created) (JIRA)" <ji...@apache.org> on 2012/01/30 11:27:10 UTC
[jira] [Created] (AMQ-3688) slave fail if client connected to
master via SSL in master/slave configuration
slave fail if client connected to master via SSL in master/slave configuration
------------------------------------------------------------------------------
Key: AMQ-3688
URL: https://issues.apache.org/jira/browse/AMQ-3688
Project: ActiveMQ
Issue Type: Bug
Components: Broker
Affects Versions: 5.5.1, 5.5.0
Environment: A master broker with SSL enabled and client certificate authentication.
A slave broker with a master connector using a TCP transport with username and password set.
On each broker, JaasDualAuthenticationPlugin enabled.
On each broker an authorizationMap restraining access to queues to specified groups.
Reporter: SL
0/ the master/slave configuration is started, the slave have started its master connector using its credential (username/pasword) and a MasterBroker instance have been created on the master.
1/ a client creates a new connection on the master broker with ssl and its client certificate. the ConnectionInfo is propagated through the BrokerFilter stack with addConnection().
2/ the MasterBroker sends the ConnectionInfo to the slave via sendAsyncToSlave(Command command) ; the ConnectionInfo have userName=null and password=null but appropriate transportContext information that allowed it to pass though JaasCertificateAuthenticationBroker is set.
3/ The slave broker receive the ConnectionInfo command, does not have the initial SSL transportContext, channel it as no SSL to JaasAuthenticationBroker, which choke on the null userName ( -> NPE in login() -> Login failed exception )
4/ Each message inserted on the master by the ssl client triggers an exception (Slave Failed) for the the unreferenced connection id on the slave side.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Closed] (AMQ-3688) slave fail if client connected to master
via SSL in master/slave configuration
Posted by "Timothy Bish (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/AMQ-3688?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Timothy Bish closed AMQ-3688.
-----------------------------
Resolution: Won't Fix
Pure master/slave removed in upcoming v5.8.0
> slave fail if client connected to master via SSL in master/slave configuration
> ------------------------------------------------------------------------------
>
> Key: AMQ-3688
> URL: https://issues.apache.org/jira/browse/AMQ-3688
> Project: ActiveMQ
> Issue Type: Bug
> Components: Broker
> Affects Versions: 5.5.0, 5.5.1
> Environment: A master broker with SSL enabled and client certificate authentication.
> A slave broker with a master connector using a TCP transport with username and password set.
> On each broker, JaasDualAuthenticationPlugin enabled.
> On each broker an authorizationMap restraining access to queues to specified groups.
> Reporter: SL
>
> 0/ the master/slave configuration is started, the slave have started its master connector using its credential (username/pasword) and a MasterBroker instance have been created on the master.
> 1/ a client creates a new connection on the master broker with ssl and its client certificate. the ConnectionInfo is propagated through the BrokerFilter stack with addConnection().
> 2/ the MasterBroker sends the ConnectionInfo to the slave via sendAsyncToSlave(Command command) ; the ConnectionInfo have userName=null and password=null but appropriate transportContext information that allowed it to pass though JaasCertificateAuthenticationBroker is set.
> 3/ The slave broker receive the ConnectionInfo command, does not have the initial SSL transportContext, channel it as no SSL to JaasAuthenticationBroker, which choke on the null userName ( -> NPE in login() -> Login failed exception )
> 4/ Each message inserted on the master by the ssl client triggers an exception (Slave Failed) for the the unreferenced connection id on the slave side.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira