You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@qpid.apache.org by Jakub Scholz <ja...@scholz.cz> on 2015/03/26 13:19:43 UTC
Qpid JMS 0.1.0 and SASL EXTERNAL
Hi Robbie, Tim,
I was wondering ... does the new JMS client already support SASL EXTERNAL
authentication? It looks like it selects the EXTERNAL mechanism when it is
offered by the broker, but it looks like it never responds to the challenge
sent by the broker (Qpid C++ 0.22 / MRG-M 3.0).
Thanks & Regards
Jakub
Re: Qpid JMS 0.1.0 and SASL EXTERNAL
Posted by Jakub Scholz <ja...@scholz.cz>.
Hi Robbie,
Oki, great. Please let me know in case I can help you with testing or
something like that.
Thanks & Regards
Jakub
On Wed, Apr 1, 2015 at 2:29 PM, Robbie Gemmell <ro...@gmail.com>
wrote:
> Hi Jakub,
>
> I'll take a look at adding that in, it is something I noticed a while
> back but had admittedly forgotten about since. There are some things
> in that area I'd like to change so I'll add that too.
>
> Robbie
>
> On 1 April 2015 at 08:29, Jakub Scholz <ja...@scholz.cz> wrote:
> > Hi Robbie,
> >
> > Sorry, I didn't managed to test it yesterday. But I had a look at it now
> > and it seems to work nicely (tested against Qpid 0.22 / MRG-M 3.0).
> Thanks
> > a lot for fixing it.
> >
> > The last major thing I seem to be missing for my use cases is the
> > possibility to select which specific certificate should be used for the
> > EXTERNAL authentication. Is that somewhere on your roadmap? Should I try
> to
> > prepare some patch based on how it is implemented in the older clients?
> >
> > Thanks & Regards
> > Jakub
> >
> > On Tue, Mar 31, 2015 at 7:24 PM, Robbie Gemmell <
> robbie.gemmell@gmail.com>
> > wrote:
> >
> >> Hi Jakub,
> >>
> >> I made a change to the client to resolve this, stopping the broker
> >> needing to send the challenge. I verified the change against qpidd
> >> 0.32.
> >>
> >> I prodded the nightly snapshot job to run earlier so a build with the
> >> changes are now available, if you want to test this or anything else
> >> the bug had prevented you trying. You can get the bits either by
> >> adding https://repository.apache.org/content/repositories/snapshots as
> >> a repo for your maven build and using the 0.2.0-SNAPSHOT client
> >> dependency, or by grabbing the src/bin archive from
> >>
> >>
> https://repository.apache.org/content/repositories/snapshots/org/apache/qpid/apache-qpid-jms/0.2.0-SNAPSHOT/
> >>
> >> Robbie
> >>
> >> On 26 March 2015 at 14:09, Jakub Scholz <ja...@scholz.cz> wrote:
> >> > I raised the JIRA - QPIDJMS-33. I also added the related logs from the
> >> > client and broker. Let me know if you need some more help reproducing
> it
> >> /
> >> > testing it.
> >> >
> >> > Robbie, it can definitely wait after your vacation is over - enjoy
> your
> >> > free time instead of fixing Qpid bugs :-).
> >> >
> >> > Regards
> >> > Jakub
> >> >
> >> > On Thu, Mar 26, 2015 at 2:27 PM, Robbie Gemmell <
> >> robbie.gemmell@gmail.com>
> >> > wrote:
> >> >
> >> >> Hi Jakub,
> >> >>
> >> >> Its meant to, but would seem not to be doing something correctly and
> >> >> so isnt playing well with the C++ broker as a result (I'll admit I
> >> >> only tested it against the Java broker when I added it).
> >> >>
> >> >> I'm a little surprised that the broker is actually challenging, but
> >> >> from a quick read of the rfc I would guess the client isnt sending
> the
> >> >> empty initial response and so the server is challenging using it and
> >> >> expecting an empty response that the client again fails to send. If
> >> >> thats the case I imagine the empty bytes are being dropped somewhere.
> >> >> I'll take a look when I get a chance, but it might not be until my
> >> >> vacation is done (Monday).
> >> >>
> >> >> Robbie
> >> >>
> >> >> On 26 March 2015 at 12:19, Jakub Scholz <ja...@scholz.cz> wrote:
> >> >> > Hi Robbie, Tim,
> >> >> >
> >> >> > I was wondering ... does the new JMS client already support SASL
> >> EXTERNAL
> >> >> > authentication? It looks like it selects the EXTERNAL mechanism
> when
> >> it
> >> >> is
> >> >> > offered by the broker, but it looks like it never responds to the
> >> >> challenge
> >> >> > sent by the broker (Qpid C++ 0.22 / MRG-M 3.0).
> >> >> >
> >> >> > Thanks & Regards
> >> >> > Jakub
> >> >>
> >> >> ---------------------------------------------------------------------
> >> >> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> >> >> For additional commands, e-mail: users-help@qpid.apache.org
> >> >>
> >> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> >> For additional commands, e-mail: users-help@qpid.apache.org
> >>
> >>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> For additional commands, e-mail: users-help@qpid.apache.org
>
>
Re: Qpid JMS 0.1.0 and SASL EXTERNAL
Posted by Robbie Gemmell <ro...@gmail.com>.
Hi Jakub,
I'll take a look at adding that in, it is something I noticed a while
back but had admittedly forgotten about since. There are some things
in that area I'd like to change so I'll add that too.
Robbie
On 1 April 2015 at 08:29, Jakub Scholz <ja...@scholz.cz> wrote:
> Hi Robbie,
>
> Sorry, I didn't managed to test it yesterday. But I had a look at it now
> and it seems to work nicely (tested against Qpid 0.22 / MRG-M 3.0). Thanks
> a lot for fixing it.
>
> The last major thing I seem to be missing for my use cases is the
> possibility to select which specific certificate should be used for the
> EXTERNAL authentication. Is that somewhere on your roadmap? Should I try to
> prepare some patch based on how it is implemented in the older clients?
>
> Thanks & Regards
> Jakub
>
> On Tue, Mar 31, 2015 at 7:24 PM, Robbie Gemmell <ro...@gmail.com>
> wrote:
>
>> Hi Jakub,
>>
>> I made a change to the client to resolve this, stopping the broker
>> needing to send the challenge. I verified the change against qpidd
>> 0.32.
>>
>> I prodded the nightly snapshot job to run earlier so a build with the
>> changes are now available, if you want to test this or anything else
>> the bug had prevented you trying. You can get the bits either by
>> adding https://repository.apache.org/content/repositories/snapshots as
>> a repo for your maven build and using the 0.2.0-SNAPSHOT client
>> dependency, or by grabbing the src/bin archive from
>>
>> https://repository.apache.org/content/repositories/snapshots/org/apache/qpid/apache-qpid-jms/0.2.0-SNAPSHOT/
>>
>> Robbie
>>
>> On 26 March 2015 at 14:09, Jakub Scholz <ja...@scholz.cz> wrote:
>> > I raised the JIRA - QPIDJMS-33. I also added the related logs from the
>> > client and broker. Let me know if you need some more help reproducing it
>> /
>> > testing it.
>> >
>> > Robbie, it can definitely wait after your vacation is over - enjoy your
>> > free time instead of fixing Qpid bugs :-).
>> >
>> > Regards
>> > Jakub
>> >
>> > On Thu, Mar 26, 2015 at 2:27 PM, Robbie Gemmell <
>> robbie.gemmell@gmail.com>
>> > wrote:
>> >
>> >> Hi Jakub,
>> >>
>> >> Its meant to, but would seem not to be doing something correctly and
>> >> so isnt playing well with the C++ broker as a result (I'll admit I
>> >> only tested it against the Java broker when I added it).
>> >>
>> >> I'm a little surprised that the broker is actually challenging, but
>> >> from a quick read of the rfc I would guess the client isnt sending the
>> >> empty initial response and so the server is challenging using it and
>> >> expecting an empty response that the client again fails to send. If
>> >> thats the case I imagine the empty bytes are being dropped somewhere.
>> >> I'll take a look when I get a chance, but it might not be until my
>> >> vacation is done (Monday).
>> >>
>> >> Robbie
>> >>
>> >> On 26 March 2015 at 12:19, Jakub Scholz <ja...@scholz.cz> wrote:
>> >> > Hi Robbie, Tim,
>> >> >
>> >> > I was wondering ... does the new JMS client already support SASL
>> EXTERNAL
>> >> > authentication? It looks like it selects the EXTERNAL mechanism when
>> it
>> >> is
>> >> > offered by the broker, but it looks like it never responds to the
>> >> challenge
>> >> > sent by the broker (Qpid C++ 0.22 / MRG-M 3.0).
>> >> >
>> >> > Thanks & Regards
>> >> > Jakub
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
>> >> For additional commands, e-mail: users-help@qpid.apache.org
>> >>
>> >>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
>> For additional commands, e-mail: users-help@qpid.apache.org
>>
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org
Re: Qpid JMS 0.1.0 and SASL EXTERNAL
Posted by Jakub Scholz <ja...@scholz.cz>.
Hi Robbie,
Sorry, I didn't managed to test it yesterday. But I had a look at it now
and it seems to work nicely (tested against Qpid 0.22 / MRG-M 3.0). Thanks
a lot for fixing it.
The last major thing I seem to be missing for my use cases is the
possibility to select which specific certificate should be used for the
EXTERNAL authentication. Is that somewhere on your roadmap? Should I try to
prepare some patch based on how it is implemented in the older clients?
Thanks & Regards
Jakub
On Tue, Mar 31, 2015 at 7:24 PM, Robbie Gemmell <ro...@gmail.com>
wrote:
> Hi Jakub,
>
> I made a change to the client to resolve this, stopping the broker
> needing to send the challenge. I verified the change against qpidd
> 0.32.
>
> I prodded the nightly snapshot job to run earlier so a build with the
> changes are now available, if you want to test this or anything else
> the bug had prevented you trying. You can get the bits either by
> adding https://repository.apache.org/content/repositories/snapshots as
> a repo for your maven build and using the 0.2.0-SNAPSHOT client
> dependency, or by grabbing the src/bin archive from
>
> https://repository.apache.org/content/repositories/snapshots/org/apache/qpid/apache-qpid-jms/0.2.0-SNAPSHOT/
>
> Robbie
>
> On 26 March 2015 at 14:09, Jakub Scholz <ja...@scholz.cz> wrote:
> > I raised the JIRA - QPIDJMS-33. I also added the related logs from the
> > client and broker. Let me know if you need some more help reproducing it
> /
> > testing it.
> >
> > Robbie, it can definitely wait after your vacation is over - enjoy your
> > free time instead of fixing Qpid bugs :-).
> >
> > Regards
> > Jakub
> >
> > On Thu, Mar 26, 2015 at 2:27 PM, Robbie Gemmell <
> robbie.gemmell@gmail.com>
> > wrote:
> >
> >> Hi Jakub,
> >>
> >> Its meant to, but would seem not to be doing something correctly and
> >> so isnt playing well with the C++ broker as a result (I'll admit I
> >> only tested it against the Java broker when I added it).
> >>
> >> I'm a little surprised that the broker is actually challenging, but
> >> from a quick read of the rfc I would guess the client isnt sending the
> >> empty initial response and so the server is challenging using it and
> >> expecting an empty response that the client again fails to send. If
> >> thats the case I imagine the empty bytes are being dropped somewhere.
> >> I'll take a look when I get a chance, but it might not be until my
> >> vacation is done (Monday).
> >>
> >> Robbie
> >>
> >> On 26 March 2015 at 12:19, Jakub Scholz <ja...@scholz.cz> wrote:
> >> > Hi Robbie, Tim,
> >> >
> >> > I was wondering ... does the new JMS client already support SASL
> EXTERNAL
> >> > authentication? It looks like it selects the EXTERNAL mechanism when
> it
> >> is
> >> > offered by the broker, but it looks like it never responds to the
> >> challenge
> >> > sent by the broker (Qpid C++ 0.22 / MRG-M 3.0).
> >> >
> >> > Thanks & Regards
> >> > Jakub
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> >> For additional commands, e-mail: users-help@qpid.apache.org
> >>
> >>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> For additional commands, e-mail: users-help@qpid.apache.org
>
>
Re: Qpid JMS 0.1.0 and SASL EXTERNAL
Posted by Robbie Gemmell <ro...@gmail.com>.
Hi Jakub,
I made a change to the client to resolve this, stopping the broker
needing to send the challenge. I verified the change against qpidd
0.32.
I prodded the nightly snapshot job to run earlier so a build with the
changes are now available, if you want to test this or anything else
the bug had prevented you trying. You can get the bits either by
adding https://repository.apache.org/content/repositories/snapshots as
a repo for your maven build and using the 0.2.0-SNAPSHOT client
dependency, or by grabbing the src/bin archive from
https://repository.apache.org/content/repositories/snapshots/org/apache/qpid/apache-qpid-jms/0.2.0-SNAPSHOT/
Robbie
On 26 March 2015 at 14:09, Jakub Scholz <ja...@scholz.cz> wrote:
> I raised the JIRA - QPIDJMS-33. I also added the related logs from the
> client and broker. Let me know if you need some more help reproducing it /
> testing it.
>
> Robbie, it can definitely wait after your vacation is over - enjoy your
> free time instead of fixing Qpid bugs :-).
>
> Regards
> Jakub
>
> On Thu, Mar 26, 2015 at 2:27 PM, Robbie Gemmell <ro...@gmail.com>
> wrote:
>
>> Hi Jakub,
>>
>> Its meant to, but would seem not to be doing something correctly and
>> so isnt playing well with the C++ broker as a result (I'll admit I
>> only tested it against the Java broker when I added it).
>>
>> I'm a little surprised that the broker is actually challenging, but
>> from a quick read of the rfc I would guess the client isnt sending the
>> empty initial response and so the server is challenging using it and
>> expecting an empty response that the client again fails to send. If
>> thats the case I imagine the empty bytes are being dropped somewhere.
>> I'll take a look when I get a chance, but it might not be until my
>> vacation is done (Monday).
>>
>> Robbie
>>
>> On 26 March 2015 at 12:19, Jakub Scholz <ja...@scholz.cz> wrote:
>> > Hi Robbie, Tim,
>> >
>> > I was wondering ... does the new JMS client already support SASL EXTERNAL
>> > authentication? It looks like it selects the EXTERNAL mechanism when it
>> is
>> > offered by the broker, but it looks like it never responds to the
>> challenge
>> > sent by the broker (Qpid C++ 0.22 / MRG-M 3.0).
>> >
>> > Thanks & Regards
>> > Jakub
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
>> For additional commands, e-mail: users-help@qpid.apache.org
>>
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org
Re: Qpid JMS 0.1.0 and SASL EXTERNAL
Posted by Jakub Scholz <ja...@scholz.cz>.
I raised the JIRA - QPIDJMS-33. I also added the related logs from the
client and broker. Let me know if you need some more help reproducing it /
testing it.
Robbie, it can definitely wait after your vacation is over - enjoy your
free time instead of fixing Qpid bugs :-).
Regards
Jakub
On Thu, Mar 26, 2015 at 2:27 PM, Robbie Gemmell <ro...@gmail.com>
wrote:
> Hi Jakub,
>
> Its meant to, but would seem not to be doing something correctly and
> so isnt playing well with the C++ broker as a result (I'll admit I
> only tested it against the Java broker when I added it).
>
> I'm a little surprised that the broker is actually challenging, but
> from a quick read of the rfc I would guess the client isnt sending the
> empty initial response and so the server is challenging using it and
> expecting an empty response that the client again fails to send. If
> thats the case I imagine the empty bytes are being dropped somewhere.
> I'll take a look when I get a chance, but it might not be until my
> vacation is done (Monday).
>
> Robbie
>
> On 26 March 2015 at 12:19, Jakub Scholz <ja...@scholz.cz> wrote:
> > Hi Robbie, Tim,
> >
> > I was wondering ... does the new JMS client already support SASL EXTERNAL
> > authentication? It looks like it selects the EXTERNAL mechanism when it
> is
> > offered by the broker, but it looks like it never responds to the
> challenge
> > sent by the broker (Qpid C++ 0.22 / MRG-M 3.0).
> >
> > Thanks & Regards
> > Jakub
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> For additional commands, e-mail: users-help@qpid.apache.org
>
>
Re: Qpid JMS 0.1.0 and SASL EXTERNAL
Posted by Robbie Gemmell <ro...@gmail.com>.
Hi Jakub,
Its meant to, but would seem not to be doing something correctly and
so isnt playing well with the C++ broker as a result (I'll admit I
only tested it against the Java broker when I added it).
I'm a little surprised that the broker is actually challenging, but
from a quick read of the rfc I would guess the client isnt sending the
empty initial response and so the server is challenging using it and
expecting an empty response that the client again fails to send. If
thats the case I imagine the empty bytes are being dropped somewhere.
I'll take a look when I get a chance, but it might not be until my
vacation is done (Monday).
Robbie
On 26 March 2015 at 12:19, Jakub Scholz <ja...@scholz.cz> wrote:
> Hi Robbie, Tim,
>
> I was wondering ... does the new JMS client already support SASL EXTERNAL
> authentication? It looks like it selects the EXTERNAL mechanism when it is
> offered by the broker, but it looks like it never responds to the challenge
> sent by the broker (Qpid C++ 0.22 / MRG-M 3.0).
>
> Thanks & Regards
> Jakub
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org
Re: Qpid JMS 0.1.0 and SASL EXTERNAL
Posted by Timothy Bish <ta...@gmail.com>.
On 03/26/2015 08:19 AM, Jakub Scholz wrote:
> Hi Robbie, Tim,
>
> I was wondering ... does the new JMS client already support SASL EXTERNAL
> authentication? It looks like it selects the EXTERNAL mechanism when it is
> offered by the broker, but it looks like it never responds to the challenge
> sent by the broker (Qpid C++ 0.22 / MRG-M 3.0).
>
> Thanks & Regards
> Jakub
>
I know that Robbie did add some initial support for EXTERNAL but I'm not
sure to what extent it was tested or working, so we'd have to peek and
see. My suggestion is that if you run into things like this you open a
JIRA at https://issues.apache.org/jira/browse/QPIDJMS/ to capture your
environment, broker config etc and we can try and get things sorted out.
--
Tim Bish
Sr Software Engineer | RedHat Inc.
tim.bish@redhat.com | www.redhat.com
skype: tabish121 | twitter: @tabish121
blog: http://timbish.blogspot.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org