You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Ted Ross (JIRA)" <qp...@incubator.apache.org> on 2009/08/26 17:07:59 UTC
[jira] Reopened: (QPID-943) Move JMSXUserID creation to client to
improve broker performance
[ https://issues.apache.org/jira/browse/QPID-943?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ted Ross reopened QPID-943:
---------------------------
There's an issue with the way userId checking is done in the C++ broker. The broker, when it stores the userId for a connection (line 68 in qpid/broker/SemanticState.cpp), strips the domain portion of the ID. So if the userId is "fred@domain.com", it will be stored as "fred".
The problem is that when "fred@domain.com" creates a connection and then sends messages with userId => "fred@domain.com", the messages are rejected because the strings don't match.
Having the client strip the domain before producing a message seems incorrect since important information is lost. Also, a consumer which is using the vouched-for userId for its own purposes will need the domain text.
I propose that userIds not be tampered with by the broker. Will this cause a problem with the JMS clients? What does the Java broker do?
-Ted
> Move JMSXUserID creation to client to improve broker performance
> ----------------------------------------------------------------
>
> Key: QPID-943
> URL: https://issues.apache.org/jira/browse/QPID-943
> Project: Qpid
> Issue Type: Improvement
> Components: Java Broker, Java Client
> Affects Versions: 0.5
> Reporter: Marnie McCormack
> Assignee: Rajith Attapattu
> Fix For: 0.6
>
> Attachments: c++broker_userid_check.patch, javabroker_userid_check.patch, JMSXUserID.patch
>
>
> Summary:
> Currently the broker modifies the message to add the JMSXUserID. A better approach would be to have the client encode that detail and have the broker verify that it is correct. This means that the broker does not have to re-encode every message. It also allows the sending client to decide if they wish to include the JMSXUserID for validation.
> Proposed Changes:
> Removing existing modification code replacing with validation if the JMSXUserID is present. If validation is required to pass then close the connection on failures.
> Augment to client to have the ability to manuall or automatically set the JMSXUserID based on the authenticated connection.
> Test Strategy:
> Test messages with manual user id creation(correct and incorrect), automatic user id creation.
> Test broker in validation mode and lenient mode.
> Testing should include performance metrics to quantify the inpact of the additional processing.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org