You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "Erwin Dondorp (Jira)" <ji...@apache.org> on 2021/03/16 23:40:00 UTC

[jira] [Comment Edited] (ARTEMIS-3150) wrong username in error message for AMQP connections

    [ https://issues.apache.org/jira/browse/ARTEMIS-3150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17302973#comment-17302973 ] 

Erwin Dondorp edited comment on ARTEMIS-3150 at 3/16/21, 11:39 PM:
-------------------------------------------------------------------

[~clebertsuconic] the error message is the same in SNAPSHOT 2.18.0-20210316.214951-34

This is the log (from A) of a scenario with a valid password. Both brokers are started up, first A, then B. Therefore the first 2 connection attempts fail.
{noformat}
     _        _               _
    / \  ____| |_  ___ __  __(_) _____
   / _ \|  _ \ __|/ _ \  \/  | |/  __/
  / ___ \ | \/ |_/  __/ |\/| | |\___ \
/_/   \_\|   \__\____|_|  |_|_|/___ /
Apache ActiveMQ Artemis 2.18.0-SNAPSHOT
...
...
2021-03-16 23:04:22,337 INFO  [org.apache.activemq.artemis.protocol.amqp.logger] AMQ111002:
*******************************************************************************************************************************
Retrying Server AMQP Connection B-broker on B:5672 retry 1 of -1
*******************************************************************************************************************************
...
...
2021-03-16 23:04:27,341 INFO  [org.apache.activemq.artemis.protocol.amqp.logger] AMQ111002:
*******************************************************************************************************************************
Retrying Server AMQP Connection B-broker on B:5672 retry 2 of -1
*******************************************************************************************************************************
...
...
2021-03-16 23:04:32,472 INFO  [org.apache.activemq.artemis.protocol.amqp.logger] AMQ111003:
*******************************************************************************************************************************
Success on Server AMQP Connection B-broker on B:5672 after 2 retries
*******************************************************************************************************************************
2021-03-16 23:04:32,547 WARN  [org.apache.activemq.artemis.core.server] AMQ222216: Security problem while authenticating: AMQ229031: Unable to validate user from B/192.168.96.3:5672. Username: null; SSL certificate subject DN: unavailable
2021-03-16 23:04:32,547 WARN  [org.apache.activemq.artemis.protocol.amqp.proton.handler.ProtonHandler] AMQ229031: Unable to validate user from B/192.168.96.3:5672. Username: null; SSL certificate subject DN: unavailable: ActiveMQSecurityException[errorType=SECURITY_EXCEPTION message=AMQ229031: Unable to validate user from B/192.168.96.3:5672. Username: null; SSL certificate subject DN: unavailable]
   at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.authenticationFailed(SecurityStoreImpl.java:373) [artemis-server-2.18. 0-SNAPSHOT.jar:2.18.0-SNAPSHOT]
   at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.authenticate(SecurityStoreImpl.java:191) [artemis-server-2.18.0-SNAPSHOT.jar:2.18.0-SNAPSHOT]
   at org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.createSession(ActiveMQServerImpl.java:1679) [artemis-server-2.18.0-SNAPSHOT.jar:2.18.0-SNAPSHOT]
   at org.apache.activemq.artemis.protocol.amqp.broker.AMQPSessionCallback.init(AMQPSessionCallback.java:210) [artemis-amqp-protocol-2.18.0-SNAPSHOT.jar:2.18.0-SNAPSHOT]
   at org.apache.activemq.artemis.protocol.amqp.proton.AMQPSessionContext.initialize(AMQPSessionContext.java:81) [artemis-amqp-protocol-2.18.0-SNAPSHOT.jar:2.18.0-SNAPSHOT]
   at org.apache.activemq.artemis.protocol.amqp.proton.AMQPConnectionContext.onLocalOpen(AMQPConnectionContext.java:567) [artemis-amqp-protocol-2.18.0-SNAPSHOT.jar:2.18.0-SNAPSHOT]
   at org.apache.activemq.artemis.protocol.amqp.proton.handler.Events.dispatch(Events.java:47) [artemis-amqp-protocol-2.18.0-SNAPSHOT.jar:2.18.0-SNAPSHOT]
   at org.apache.activemq.artemis.protocol.amqp.proton.handler.ProtonHandler.dispatch(ProtonHandler.java:564) [artemis-amqp-protocol-2.18.0-SNAPSHOT.jar:2.18.0-SNAPSHOT]
   at org.apache.activemq.artemis.protocol.amqp.proton.handler.ProtonHandler.flush(ProtonHandler.java:359) [artemis-amqp-protocol-2.18.0-SNAPSHOT.jar:2.18.0-SNAPSHOT]
   at org.apache.activemq.artemis.protocol.amqp.proton.AMQPConnectionContext.flush(AMQPConnectionContext.java:234) [artemis-amqp-protocol-2.18.0-SNAPSHOT.jar:2.18.0-SNAPSHOT]
   at org.apache.activemq.artemis.protocol.amqp.connect.AMQPBrokerConnection.lambda$doConnect$2(AMQPBrokerConnection.java:259) [artemis-amqp-protocol-2.18.0-SNAPSHOT.jar:2.18.0-SNAPSHOT]
   at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:164) [netty-all-4.1.60.Final.jar:4.1.60.Final]
   at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:472) [netty-all-4.1.60.Final.jar:4.1.60.Final]
   at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:384) [netty-all-4.1.60.Final.jar:4.1.60.Final]
   at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) [netty-all-4.1.60.Final.jar:4.1.60.Final]
   at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [netty-all-4.1.60.Final.jar:4.1.60.Final]
   at org.apache.activemq.artemis.utils.ActiveMQThreadFactory$1. run(ActiveMQThreadFactory.java:118) [artemis-commons-2.18.0-SNAPSHOT.jar:2.18.0-SNAPSHOT]
{noformat}

It looks that the WARN message is raised immediately after a successful connection was reported?


was (Author: erwindon):
[~clebertsuconic] the error message is the same in SNAPSHOT 2.18.0-20210316.214951-34

This is the log of a scenario with a valid password. Both brokers are started up, first A, then B. Therefore the first 2 connection attempts fail.
{noformat}
     _        _               _
    / \  ____| |_  ___ __  __(_) _____
   / _ \|  _ \ __|/ _ \  \/  | |/  __/
  / ___ \ | \/ |_/  __/ |\/| | |\___ \
/_/   \_\|   \__\____|_|  |_|_|/___ /
Apache ActiveMQ Artemis 2.18.0-SNAPSHOT
...
...
2021-03-16 23:04:22,337 INFO  [org.apache.activemq.artemis.protocol.amqp.logger] AMQ111002:
*******************************************************************************************************************************
Retrying Server AMQP Connection B-broker on B:5672 retry 1 of -1
*******************************************************************************************************************************
...
...
2021-03-16 23:04:27,341 INFO  [org.apache.activemq.artemis.protocol.amqp.logger] AMQ111002:
*******************************************************************************************************************************
Retrying Server AMQP Connection B-broker on B:5672 retry 2 of -1
*******************************************************************************************************************************
...
...
2021-03-16 23:04:32,472 INFO  [org.apache.activemq.artemis.protocol.amqp.logger] AMQ111003:
*******************************************************************************************************************************
Success on Server AMQP Connection B-broker on B:5672 after 2 retries
*******************************************************************************************************************************
2021-03-16 23:04:32,547 WARN  [org.apache.activemq.artemis.core.server] AMQ222216: Security problem while authenticating: AMQ229031: Unable to validate user from B/192.168.96.3:5672. Username: null; SSL certificate subject DN: unavailable
2021-03-16 23:04:32,547 WARN  [org.apache.activemq.artemis.protocol.amqp.proton.handler.ProtonHandler] AMQ229031: Unable to validate user from B/192.168.96.3:5672. Username: null; SSL certificate subject DN: unavailable: ActiveMQSecurityException[errorType=SECURITY_EXCEPTION message=AMQ229031: Unable to validate user from B/192.168.96.3:5672. Username: null; SSL certificate subject DN: unavailable]
   at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.authenticationFailed(SecurityStoreImpl.java:373) [artemis-server-2.18. 0-SNAPSHOT.jar:2.18.0-SNAPSHOT]
   at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.authenticate(SecurityStoreImpl.java:191) [artemis-server-2.18.0-SNAPSHOT.jar:2.18.0-SNAPSHOT]
   at org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.createSession(ActiveMQServerImpl.java:1679) [artemis-server-2.18.0-SNAPSHOT.jar:2.18.0-SNAPSHOT]
   at org.apache.activemq.artemis.protocol.amqp.broker.AMQPSessionCallback.init(AMQPSessionCallback.java:210) [artemis-amqp-protocol-2.18.0-SNAPSHOT.jar:2.18.0-SNAPSHOT]
   at org.apache.activemq.artemis.protocol.amqp.proton.AMQPSessionContext.initialize(AMQPSessionContext.java:81) [artemis-amqp-protocol-2.18.0-SNAPSHOT.jar:2.18.0-SNAPSHOT]
   at org.apache.activemq.artemis.protocol.amqp.proton.AMQPConnectionContext.onLocalOpen(AMQPConnectionContext.java:567) [artemis-amqp-protocol-2.18.0-SNAPSHOT.jar:2.18.0-SNAPSHOT]
   at org.apache.activemq.artemis.protocol.amqp.proton.handler.Events.dispatch(Events.java:47) [artemis-amqp-protocol-2.18.0-SNAPSHOT.jar:2.18.0-SNAPSHOT]
   at org.apache.activemq.artemis.protocol.amqp.proton.handler.ProtonHandler.dispatch(ProtonHandler.java:564) [artemis-amqp-protocol-2.18.0-SNAPSHOT.jar:2.18.0-SNAPSHOT]
   at org.apache.activemq.artemis.protocol.amqp.proton.handler.ProtonHandler.flush(ProtonHandler.java:359) [artemis-amqp-protocol-2.18.0-SNAPSHOT.jar:2.18.0-SNAPSHOT]
   at org.apache.activemq.artemis.protocol.amqp.proton.AMQPConnectionContext.flush(AMQPConnectionContext.java:234) [artemis-amqp-protocol-2.18.0-SNAPSHOT.jar:2.18.0-SNAPSHOT]
   at org.apache.activemq.artemis.protocol.amqp.connect.AMQPBrokerConnection.lambda$doConnect$2(AMQPBrokerConnection.java:259) [artemis-amqp-protocol-2.18.0-SNAPSHOT.jar:2.18.0-SNAPSHOT]
   at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:164) [netty-all-4.1.60.Final.jar:4.1.60.Final]
   at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:472) [netty-all-4.1.60.Final.jar:4.1.60.Final]
   at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:384) [netty-all-4.1.60.Final.jar:4.1.60.Final]
   at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) [netty-all-4.1.60.Final.jar:4.1.60.Final]
   at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [netty-all-4.1.60.Final.jar:4.1.60.Final]
   at org.apache.activemq.artemis.utils.ActiveMQThreadFactory$1. run(ActiveMQThreadFactory.java:118) [artemis-commons-2.18.0-SNAPSHOT.jar:2.18.0-SNAPSHOT]
{noformat}

It looks that the WARN message is raised immediately after a successful connection was reported?

> wrong username in error message for AMQP connections
> ----------------------------------------------------
>
>                 Key: ARTEMIS-3150
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3150
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 2.17.0
>            Reporter: Erwin Dondorp
>            Priority: Minor
>         Attachments: A.log, B.log, brokerA.xml, brokerB.xml, login.config
>
>
> I'm connecting independent brokers A and B using the {{broker-connections}} mechanism. A connects to B.
> Using URI, NAME, USER and PASSWORD attributes. The password is wrong on purpose.
> On the A side, the error message is:
> {noformat}
> AMQ222216: Security problem while authenticating: AMQ229031: Unable to validate user from B/192.168.208.3:5672. Username: null; SSL certificate subject DN: unavailable
> {noformat}
> which btw is immediately shown also as an exception:
> {noformat}
> AMQ229031: Unable to validate user from shore01/192.168.208.3:5672. Username: null; SSL certificate subject DN: unavailable: ActiveMQSecurityException[errorType=SECURITY_EXCEPTION message=AMQ229031: Unable to validate user from B/192.168.208.3:5672. Username: null; SSL certificate subject DN: unavailable]
> {noformat}
> both the message and the exception show {{Username: null}}, which is not the given username.
> On the B side, the error message is:
> {noformat}
> AMQ222216: Security problem while authenticating: AMQ229031: Unable to validate user from /192.168.208.2:38180. Username: UUUU; SSL certificate subject DN: unavailable
> {noformat}
> this message shows the correct username.
> So the error message that gets returned from B to A is not the same and has less useful information.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)