You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@activemq.apache.org by "Gary Tully (JIRA)" <ji...@apache.org> on 2015/02/03 22:52:36 UTC
[jira] [Updated] (AMQ-5470) AMQP - delayed authentication from SASL
connect leads to race on client end.
[ https://issues.apache.org/jira/browse/AMQ-5470?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gary Tully updated AMQ-5470:
----------------------------
Fix Version/s: (was: 5.11.0)
5.12.0
> AMQP - delayed authentication from SASL connect leads to race on client end.
> ----------------------------------------------------------------------------
>
> Key: AMQ-5470
> URL: https://issues.apache.org/jira/browse/AMQ-5470
> Project: ActiveMQ
> Issue Type: Bug
> Components: AMQP
> Affects Versions: 5.10.0
> Reporter: Timothy Bish
> Assignee: Timothy Bish
> Fix For: 5.12.0
>
> Attachments: AMQ-5470.patch
>
>
> We currently delay checking the credentials provided during the SASL negotiation and also checking if anonymous client connects are legal until after opening the proton connection and then we send an error condition indicating the failure and close the connection. This can lead to a race on the client end where it looks for a breif moment in time that the connection succeeded. During that time the client might attempt some further action and then fail in an odd way as the connection is closed under it.
> We should look into authenticating immediately and failing the SASL handshake if not authorized. We should also consider whether we want to support raw connections with a SASL handshake as well since without at least a SASL ANONYMOUS handshake we can get back into this issue unless we just forcibly close the socket on a client if we don't support anonymous connections.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)