[jira] Updated: (QPID-1482) Management Console cant complete PLAIN user authentication process
[ https://issues.apache.org/jira/browse/QPID-1482?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Martin Ritchie updated QPID-1482: - Status: Ready To Review (was: In Progress) Management Console cant complete PLAIN user authentication process -- Key: QPID-1482 URL: https://issues.apache.org/jira/browse/QPID-1482 Project: Qpid Issue Type: Bug Components: Java Broker, Java Management : JMX Console Affects Versions: M4 Reporter: Robert Gemmell Assignee: Martin Ritchie Attachments: QPID-1482_22nov2008.patch When the patches I supplied for QPID-1481 and QPID-794 are used, the management console is able to communicate with the broker across the JMXMPConnector link but is still unable to successfully complete the connection, however the failure now occurs during the PLAIN authentication process as opposed to before it like previously. Despite this, the management console reports that Qpid server is not running. Enabling debug console output for the management console yields the following exception listing: java.io.IOException: java.lang.NullPointerException at com.sun.jmx.remote.opt.security.AdminClient.throwExceptionOnError(AdminClient.java:379) at com.sun.jmx.remote.opt.security.AdminClient.connectionOpen(AdminClient.java:184) at com.sun.jmx.remote.generic.ClientSynchroMessageConnectionImpl.connect(ClientSynchroMessageConnectionImpl.java:112) at javax.management.remote.generic.GenericConnector.connect(GenericConnector.java:217) at javax.management.remote.jmxmp.JMXMPConnector.connect(JMXMPConnector.java:159) at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:248) at org.apache.qpid.management.ui.jmx.JMXServerRegistry$ConnectorThread.run(JMXServerRegistry.java:204) at java.lang.Thread.run(Thread.java:619) java.io.IOException: java.lang.NullPointerException at com.sun.jmx.remote.opt.security.AdminClient.throwExceptionOnError(AdminClient.java:379) at com.sun.jmx.remote.opt.security.AdminClient.connectionOpen(AdminClient.java:184) at com.sun.jmx.remote.generic.ClientSynchroMessageConnectionImpl.connect(ClientSynchroMessageConnectionImpl.java:112) at javax.management.remote.generic.GenericConnector.connect(GenericConnector.java:217) at javax.management.remote.jmxmp.JMXMPConnector.connect(JMXMPConnector.java:159) at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:248) at org.apache.qpid.management.ui.jmx.JMXServerRegistry$ConnectorThread.run(JMXServerRegistry.java:204) at java.lang.Thread.run(Thread.java:619) The broker was slightly more informative however, giving: GenericConnectorServer ClientCreation.run WARNING: Failed to open connection: java.lang.NullPointerException java.lang.NullPointerException at org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase.compareCharArray(PlainPasswordFilePrincipalDatabase.java:182) at org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase.verifyPassword(PlainPasswordFilePrincipalDatabase.java:130) at org.apache.qpid.server.management.JMXManagedObjectRegistry$UserCallbackHandler.handle(JMXManagedObjectRegistry.java:267) at org.apache.qpid.server.security.auth.sasl.plain.PlainSaslServer.evaluateResponse(PlainSaslServer.java:81) at com.sun.jmx.remote.opt.security.SASLServerHandler.consumeMessage(SASLServerHandler.java:164) at com.sun.jmx.remote.opt.security.AdminServer.connectionOpen(AdminServer.java:216) at com.sun.jmx.remote.generic.ServerSynchroMessageConnectionImpl.connect(ServerSynchroMessageConnectionImpl.java:98) at javax.management.remote.generic.GenericConnectorServer$ClientCreation.run(GenericConnectorServer.java:443) at com.sun.jmx.remote.opt.util.ThreadService$ThreadServiceJob.run(ThreadS -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
Re: [jira] Updated: (QPID-1482) Management Console cant complete PLAIN user authentication process
Hi Robbie, Welcome to the Apache Qpid project. Thanks for this patch, and the others you have contributed on the management console items. We'll divvy them up and review them before committing. I'll post a separate thread to get the patches a qpid-er to review. Bye for now, Regards, Marnie On Sat, Nov 22, 2008 at 5:58 PM, Robert Gemmell (JIRA) qpid-dev@incubator.apache.org wrote: [ https://issues.apache.org/jira/browse/QPID-1482?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel] Robert Gemmell updated QPID-1482: - Attachment: QPID-1482_22nov2008.patch After investigation, it became clear that the PasswordCallback being used to verify the password contained a null pointer for the password field, despite the fact this had successfully been communicated to the broker by the management console. I found that this was the result of the setPassword() method never having been called on it, and tracked the issue down to changes made as a result of QPID-474 in order to ensure that the broker was properly validating passwords in the PlainSaslServer class. Evidently, the JMX org.apache.qpid.server.management.JMXManagedObjectRegistry class was written whilst this was an open issue, as its private UserCallbackHandler class depended on the behavior it exhibited in order to work, although it actually did verify the password as a result. I first proceeded to modify the UserCallbackHandler private class and fixed the issue, but then realised this issue could/would simply occur again in the future and that the broker must have its own callback handlers, which it does. Not seeing a need for there to be a callback handler in the broker that is specific to the management console, I removed the private UserCallbackHandler class and modified the JMXManagedObjectRegistry class to make use of the brokers org.apache.qpid.server.security.auth.sasl.plain.PlainInitialiser and associated UsernamePasswordInitialiser classes to handle the authentication process. Following this, the management console is able to successfully complete PLAIN authentication when paired with my patches for QPID-1481 and QPID-794 I attach a patch, QPID-1482_22nov2008.patch , which addresses the changes required for the PLAIN authentication, and also includes the workaround for the exception i mentioned above, which may or may not be something you want to include but is easily removed if desired, only being a one-liner. Management Console cant complete PLAIN user authentication process -- Key: QPID-1482 URL: https://issues.apache.org/jira/browse/QPID-1482 Project: Qpid Issue Type: Bug Components: Java Broker, Java Management : JMX Console Affects Versions: M4 Reporter: Robert Gemmell Attachments: QPID-1482_22nov2008.patch When the patches I supplied for QPID-1481 and QPID-794 are used, the management console is able to communicate with the broker across the JMXMPConnector link but is still unable to successfully complete the connection, however the failure now occurs during the PLAIN authentication process as opposed to before it like previously. Despite this, the management console reports that Qpid server is not running. Enabling debug console output for the management console yields the following exception listing: java.io.IOException: java.lang.NullPointerException at com.sun.jmx.remote.opt.security.AdminClient.throwExceptionOnError(AdminClient.java:379) at com.sun.jmx.remote.opt.security.AdminClient.connectionOpen(AdminClient.java:184) at com.sun.jmx.remote.generic.ClientSynchroMessageConnectionImpl.connect(ClientSynchroMessageConnectionImpl.java:112) at javax.management.remote.generic.GenericConnector.connect(GenericConnector.java:217) at javax.management.remote.jmxmp.JMXMPConnector.connect(JMXMPConnector.java:159) at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:248) at org.apache.qpid.management.ui.jmx.JMXServerRegistry$ConnectorThread.run(JMXServerRegistry.java:204) at java.lang.Thread.run(Thread.java:619) java.io.IOException: java.lang.NullPointerException at com.sun.jmx.remote.opt.security.AdminClient.throwExceptionOnError(AdminClient.java:379) at com.sun.jmx.remote.opt.security.AdminClient.connectionOpen(AdminClient.java:184) at com.sun.jmx.remote.generic.ClientSynchroMessageConnectionImpl.connect(ClientSynchroMessageConnectionImpl.java:112) at javax.management.remote.generic.GenericConnector.connect(GenericConnector.java:217) at javax.management.remote.jmxmp.JMXMPConnector.connect(JMXMPConnector.java:159) at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:248) at
[jira] Updated: (QPID-1482) Management Console cant complete PLAIN user authentication process
[ https://issues.apache.org/jira/browse/QPID-1482?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Gemmell updated QPID-1482: - Description: When the patches I supplied for QPID-1481 and QPID-794 are used, the management console is able to communicate with the broker across the JMXMPConnector link but is still unable to successfully complete the connection, however the failure now occurs during the PLAIN authentication process as opposed to before it like previously. Despite this, the management console reports that Qpid server is not running. Enabling debug console output for the management console yields the following exception listing: java.io.IOException: java.lang.NullPointerException at com.sun.jmx.remote.opt.security.AdminClient.throwExceptionOnError(AdminClient.java:379) at com.sun.jmx.remote.opt.security.AdminClient.connectionOpen(AdminClient.java:184) at com.sun.jmx.remote.generic.ClientSynchroMessageConnectionImpl.connect(ClientSynchroMessageConnectionImpl.java:112) at javax.management.remote.generic.GenericConnector.connect(GenericConnector.java:217) at javax.management.remote.jmxmp.JMXMPConnector.connect(JMXMPConnector.java:159) at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:248) at org.apache.qpid.management.ui.jmx.JMXServerRegistry$ConnectorThread.run(JMXServerRegistry.java:204) at java.lang.Thread.run(Thread.java:619) java.io.IOException: java.lang.NullPointerException at com.sun.jmx.remote.opt.security.AdminClient.throwExceptionOnError(AdminClient.java:379) at com.sun.jmx.remote.opt.security.AdminClient.connectionOpen(AdminClient.java:184) at com.sun.jmx.remote.generic.ClientSynchroMessageConnectionImpl.connect(ClientSynchroMessageConnectionImpl.java:112) at javax.management.remote.generic.GenericConnector.connect(GenericConnector.java:217) at javax.management.remote.jmxmp.JMXMPConnector.connect(JMXMPConnector.java:159) at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:248) at org.apache.qpid.management.ui.jmx.JMXServerRegistry$ConnectorThread.run(JMXServerRegistry.java:204) at java.lang.Thread.run(Thread.java:619) The broker was slightly more informative however, giving: GenericConnectorServer ClientCreation.run WARNING: Failed to open connection: java.lang.NullPointerException java.lang.NullPointerException at org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase.compareCharArray(PlainPasswordFilePrincipalDatabase.java:182) at org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase.verifyPassword(PlainPasswordFilePrincipalDatabase.java:130) at org.apache.qpid.server.management.JMXManagedObjectRegistry$UserCallbackHandler.handle(JMXManagedObjectRegistry.java:267) at org.apache.qpid.server.security.auth.sasl.plain.PlainSaslServer.evaluateResponse(PlainSaslServer.java:81) at com.sun.jmx.remote.opt.security.SASLServerHandler.consumeMessage(SASLServerHandler.java:164) at com.sun.jmx.remote.opt.security.AdminServer.connectionOpen(AdminServer.java:216) at com.sun.jmx.remote.generic.ServerSynchroMessageConnectionImpl.connect(ServerSynchroMessageConnectionImpl.java:98) at javax.management.remote.generic.GenericConnectorServer$ClientCreation.run(GenericConnectorServer.java:443) at com.sun.jmx.remote.opt.util.ThreadService$ThreadServiceJob.run(ThreadS was: When the patches I supplied for QPID-1481 and QPID-794 are used, the management console is able to communicate with the broker across the JMXMPConnector link but is still unable to successfully complete the connection, however the failure now occurs during the authentication process as opposed to before it like previously. Despite this, the management console reports that Qpid server is not running. Enabling debug console output for the management console yields the following exception listing: java.io.IOException: java.lang.NullPointerException at com.sun.jmx.remote.opt.security.AdminClient.throwExceptionOnError(AdminClient.java:379) at com.sun.jmx.remote.opt.security.AdminClient.connectionOpen(AdminClient.java:184) at com.sun.jmx.remote.generic.ClientSynchroMessageConnectionImpl.connect(ClientSynchroMessageConnectionImpl.java:112) at javax.management.remote.generic.GenericConnector.connect(GenericConnector.java:217) at javax.management.remote.jmxmp.JMXMPConnector.connect(JMXMPConnector.java:159) at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:248) at org.apache.qpid.management.ui.jmx.JMXServerRegistry$ConnectorThread.run(JMXServerRegistry.java:204) at java.lang.Thread.run(Thread.java:619) java.io.IOException:
[jira] Updated: (QPID-1482) Management Console cant complete PLAIN user authentication process
[ https://issues.apache.org/jira/browse/QPID-1482?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Gemmell updated QPID-1482: - Attachment: QPID-1482_22nov2008.patch After investigation, it became clear that the PasswordCallback being used to verify the password contained a null pointer for the password field, despite the fact this had successfully been communicated to the broker by the management console. I found that this was the result of the setPassword() method never having been called on it, and tracked the issue down to changes made as a result of QPID-474 in order to ensure that the broker was properly validating passwords in the PlainSaslServer class. Evidently, the JMX org.apache.qpid.server.management.JMXManagedObjectRegistry class was written whilst this was an open issue, as its private UserCallbackHandler class depended on the behavior it exhibited in order to work, although it actually did verify the password as a result. I first proceeded to modify the UserCallbackHandler private class and fixed the issue, but then realised this issue could/would simply occur again in the future and that the broker must have its own callback handlers, which it does. Not seeing a need for there to be a callback handler in the broker that is specific to the management console, I removed the private UserCallbackHandler class and modified the JMXManagedObjectRegistry class to make use of the brokers org.apache.qpid.server.security.auth.sasl.plain.PlainInitialiser and associated UsernamePasswordInitialiser classes to handle the authentication process. Following this, the management console is able to successfully complete PLAIN authentication when paired with my patches for QPID-1481 and QPID-794 I attach a patch, QPID-1482_22nov2008.patch , which addresses the changes required for the PLAIN authentication, and also includes the workaround for the exception i mentioned above, which may or may not be something you want to include but is easily removed if desired, only being a one-liner. Management Console cant complete PLAIN user authentication process -- Key: QPID-1482 URL: https://issues.apache.org/jira/browse/QPID-1482 Project: Qpid Issue Type: Bug Components: Java Broker, Java Management : JMX Console Affects Versions: M4 Reporter: Robert Gemmell Attachments: QPID-1482_22nov2008.patch When the patches I supplied for QPID-1481 and QPID-794 are used, the management console is able to communicate with the broker across the JMXMPConnector link but is still unable to successfully complete the connection, however the failure now occurs during the PLAIN authentication process as opposed to before it like previously. Despite this, the management console reports that Qpid server is not running. Enabling debug console output for the management console yields the following exception listing: java.io.IOException: java.lang.NullPointerException at com.sun.jmx.remote.opt.security.AdminClient.throwExceptionOnError(AdminClient.java:379) at com.sun.jmx.remote.opt.security.AdminClient.connectionOpen(AdminClient.java:184) at com.sun.jmx.remote.generic.ClientSynchroMessageConnectionImpl.connect(ClientSynchroMessageConnectionImpl.java:112) at javax.management.remote.generic.GenericConnector.connect(GenericConnector.java:217) at javax.management.remote.jmxmp.JMXMPConnector.connect(JMXMPConnector.java:159) at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:248) at org.apache.qpid.management.ui.jmx.JMXServerRegistry$ConnectorThread.run(JMXServerRegistry.java:204) at java.lang.Thread.run(Thread.java:619) java.io.IOException: java.lang.NullPointerException at com.sun.jmx.remote.opt.security.AdminClient.throwExceptionOnError(AdminClient.java:379) at com.sun.jmx.remote.opt.security.AdminClient.connectionOpen(AdminClient.java:184) at com.sun.jmx.remote.generic.ClientSynchroMessageConnectionImpl.connect(ClientSynchroMessageConnectionImpl.java:112) at javax.management.remote.generic.GenericConnector.connect(GenericConnector.java:217) at javax.management.remote.jmxmp.JMXMPConnector.connect(JMXMPConnector.java:159) at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:248) at org.apache.qpid.management.ui.jmx.JMXServerRegistry$ConnectorThread.run(JMXServerRegistry.java:204) at java.lang.Thread.run(Thread.java:619) The broker was slightly more informative however, giving: GenericConnectorServer ClientCreation.run WARNING: Failed to open connection: java.lang.NullPointerException java.lang.NullPointerException at