You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@qpid.apache.org by Adam Crain <ac...@greenenergycorp.com> on 2011/01/30 06:55:11 UTC

java broker authentication

Hi,

I'm trying to run against the java broker. Running my unit tests which
succeed against the C++ broker, the log tells me the broker rejects my
user/password of guest:guest

QpidBrokerConnection - Connecting to qpid:/guest@127.0.0.1:5672/localhost
ConnectionException: Error processing data:
javax.security.sasl.SaslException: Authentication failed

How to debug authentication failures?

thanks,
Adam

Re: java broker authentication

Posted by Adam Crain <ac...@greenenergycorp.com>.

Hi Marnie,

I have not modified the default config.xml that comes with the java broker
distribution or the default passwd file.

 <security>
        <principal-databases>
            <!-- Example use of Base64 encoded MD5 hashes for authentication
via CRAM-MD5-Hashed -->
            <principal-database>
                <name>passwordfile</name>

 <class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class>
                <attributes>
                    <attribute>
                        <name>passwordFile</name>
                        <value>${conf}/passwd</value>
                    </attribute>
                </attributes>
            </principal-database>
        </principal-databases>

        <allow-all />

        <msg-auth>false</msg-auth>

        <jmx>
            <access>${conf}/jmxremote.access</access>
            <principal-database>passwordfile</principal-database>
        </jmx>
    </security>

Here's the brokers debug level log trace for a failed authentication:


2011-01-30 19:25:13,750 INFO  [MINANetworkDriver(Acceptor)-13]
(Log4jMessageLogger.java:72) -  [con:52(/127.0.0.1:34251)] CON-1001 : Open
2011-01-30 19:25:13,750 INFO  [MINANetworkDriver(Acceptor)-15]
(Log4jMessageLogger.java:72) -  [con:45(/127.0.0.1:34244)]  [con:51(/
127.0.0.1:34250)] CON-1002 : Close
2011-01-30 19:25:13,751 INFO  [MINANetworkDriver(Acceptor)-13]
(Log4jMessageLogger.java:72) -  [con:52(/127.0.0.1:34251)] CON-1001 : Open :
Protocol Version : 0-10
2011-01-30 19:25:13,752 DEBUG [MINANetworkDriver(Acceptor)-13]
(Logger.java:54) - RECV: [conn:10b23cf] AMQP.1 0-10
2011-01-30 19:25:13,753 DEBUG [MINANetworkDriver(Acceptor)-13]
(Logger.java:54) - SEND: [conn:10b23cf] AMQP.1 0-10
2011-01-30 19:25:13,754 DEBUG [MINANetworkDriver(Acceptor)-13]
(Logger.java:54) - SEND: [conn:10b23cf] ch=0
ConnectionStart(serverProperties={qpid.federation_tag=1314aa49-f4dc-4d4a-be90-08b5ab0384a3},
mechanisms=[AMQPLAIN, PLAIN, CRAM-MD5], locales=[en_US])
2011-01-30 19:25:13,755 DEBUG [MINANetworkDriver(Acceptor)-13]
(Logger.java:54) - FLUSH: [conn:10b23cf]
2011-01-30 19:25:13,798 DEBUG [MINANetworkDriver(Acceptor)-3]
(Logger.java:54) - RECV: [conn:10b23cf] ch=0
ConnectionStartOk(clientProperties={qpid.session_flow=1,
qpid.client_pid=2867, qpid.client_process=Qpid Java Client},
mechanism=PLAIN, response=[B@725967)
2011-01-30 19:25:13,799 DEBUG [MINANetworkDriver(Acceptor)-3]
(Logger.java:54) - SEND: [conn:10b23cf] ch=0
ConnectionClose(replyCode=CONNECTION_FORCED, replyText=Error processing
data: javax.security.sasl.SaslException: Authentication failed)
2011-01-30 19:25:13,799 DEBUG [MINANetworkDriver(Acceptor)-3]
(Logger.java:54) - FLUSH: [conn:10b23cf]
2011-01-30 19:25:13,820 DEBUG [MINANetworkDriver(Acceptor)-2]
(Logger.java:54) - connection closed: conn:10b23cf


thanks,
Adam
On Sun, Jan 30, 2011 at 3:30 PM, Marnie McCormack <
marnie.mccormack@googlemail.com> wrote:

> Hi Adam,
>
> Can you tell us a bit more about your setup - paste your broker config in
> for the security section and let us know how you setup your user
> credentials
> please ?
>
> Is there anything useful in the broker log - perhaps switching the log
> level
> to debug for the broker would help.
>
> Regards,
> Marnie
>
> On Sun, Jan 30, 2011 at 5:55 AM, Adam Crain <acrain@greenenergycorp.com
> >wrote:
>
> > Hi,
> >
> > I'm trying to run against the java broker. Running my unit tests which
> > succeed against the C++ broker, the log tells me the broker rejects my
> > user/password of guest:guest
> >
> > QpidBrokerConnection - Connecting to qpid:/
> guest@127.0.0.1:5672/localhost
> > ConnectionException: Error processing data:
> > javax.security.sasl.SaslException: Authentication failed
> >
> > How to debug authentication failures?
> >
> > thanks,
> > Adam
> >
>

Re: java broker authentication

Posted by Marnie McCormack <ma...@googlemail.com>.

Hi Adam,

Can you tell us a bit more about your setup - paste your broker config in
for the security section and let us know how you setup your user credentials
please ?

Is there anything useful in the broker log - perhaps switching the log level
to debug for the broker would help.

Regards,
Marnie

On Sun, Jan 30, 2011 at 5:55 AM, Adam Crain <ac...@greenenergycorp.com>wrote:

> Hi,
>
> I'm trying to run against the java broker. Running my unit tests which
> succeed against the C++ broker, the log tells me the broker rejects my
> user/password of guest:guest
>
> QpidBrokerConnection - Connecting to qpid:/guest@127.0.0.1:5672/localhost
> ConnectionException: Error processing data:
> javax.security.sasl.SaslException: Authentication failed
>
> How to debug authentication failures?
>
> thanks,
> Adam
>

Re: java broker authentication

Posted by Adam Crain <ac...@greenenergycorp.com>.

Hi Robbie,

We found the problem. The C++ broker was allowing anonymous connections and
we were sending the wrong password. So we thought our code was correct since
it worked against the C++ broker (--auth no).

Normally I would consider taking a bone headed mistake like this to my grave
:), but there was an oddity with the windows C++ broker that threw us off
the trail:

The C++ broker from RiverAce only seem so use windows accounts to
authenticate. Can anyone explain why this is the case?

So, the java broker is doing what it should be doing. Sorry!

thanks,
Adam

On Mon, Jan 31, 2011 at 6:20 PM, Robbie Gemmell <ro...@gmail.com>wrote:

> Hi Adam,
>
> Can you post a sample of the consumer/producer code you are using, along
> with your connection URLs, what JVM version you are on etc.
>
> Robbie
>
> > -----Original Message-----
> > From: Adam Crain [mailto:acrain@greenenergycorp.com]
> > Sent: 31 January 2011 17:10
> > To: users@qpid.apache.org
> > Subject: Re: java broker authentication
> >
> > We've further narrowed this down. It seems to be a problem with the
> > java
> > client talking to the java broker. The python client seems to work just
> > fine
> > with the account guest:guest.
> >
> > -Adam
> >
> > On Sun, Jan 30, 2011 at 12:55 AM, Adam Crain
> > <ac...@greenenergycorp.com>wrote:
> >
> > > Hi,
> > >
> > > I'm trying to run against the java broker. Running my unit tests
> > which
> > > succeed against the C++ broker, the log tells me the broker rejects
> > my
> > > user/password of guest:guest
> > >
> > > QpidBrokerConnection - Connecting to
> > qpid:/guest@127.0.0.1:5672/localhost
> > > ConnectionException: Error processing data:
> > > javax.security.sasl.SaslException: Authentication failed
> > >
> > > How to debug authentication failures?
> > >
> > > thanks,
> > > Adam
> > >
> > >
> > >
>
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project:      http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
>
>

RE: java broker authentication

Posted by Robbie Gemmell <ro...@gmail.com>.

Hi Adam, 

Can you post a sample of the consumer/producer code you are using, along
with your connection URLs, what JVM version you are on etc.
 
Robbie

> -----Original Message-----
> From: Adam Crain [mailto:acrain@greenenergycorp.com]
> Sent: 31 January 2011 17:10
> To: users@qpid.apache.org
> Subject: Re: java broker authentication
> 
> We've further narrowed this down. It seems to be a problem with the
> java
> client talking to the java broker. The python client seems to work just
> fine
> with the account guest:guest.
> 
> -Adam
> 
> On Sun, Jan 30, 2011 at 12:55 AM, Adam Crain
> <ac...@greenenergycorp.com>wrote:
> 
> > Hi,
> >
> > I'm trying to run against the java broker. Running my unit tests
> which
> > succeed against the C++ broker, the log tells me the broker rejects
> my
> > user/password of guest:guest
> >
> > QpidBrokerConnection - Connecting to
> qpid:/guest@127.0.0.1:5672/localhost
> > ConnectionException: Error processing data:
> > javax.security.sasl.SaslException: Authentication failed
> >
> > How to debug authentication failures?
> >
> > thanks,
> > Adam
> >
> >
> >


---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org

Re: java broker authentication

Posted by Adam Crain <ac...@greenenergycorp.com>.

We've further narrowed this down. It seems to be a problem with the java
client talking to the java broker. The python client seems to work just fine
with the account guest:guest.

-Adam

On Sun, Jan 30, 2011 at 12:55 AM, Adam Crain <ac...@greenenergycorp.com>wrote:

> Hi,
>
> I'm trying to run against the java broker. Running my unit tests which
> succeed against the C++ broker, the log tells me the broker rejects my
> user/password of guest:guest
>
> QpidBrokerConnection - Connecting to qpid:/guest@127.0.0.1:5672/localhost
> ConnectionException: Error processing data:
> javax.security.sasl.SaslException: Authentication failed
>
> How to debug authentication failures?
>
> thanks,
> Adam
>
>
>