[
https://issues.apache.org/activemq/browse/AMQ-2858?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kamal updated AMQ-2858:
-----------------------
Description:
In case of exception as shown below, the ConnectionInfo logged as warning which
logs Password in plain Text. Should have encrypted or log as XXXX or YYYY ...
If ConnectionInfo override the BaseCommand's toString(Map<String,
Object>overrideFields) method and set Password as XXXXX... this would be better
handled.
WARN org.apache.activemq.broker.TransportConnection.Service [ActiveMQ
Transport Stopper: /134.42.197.187:2512] - Failed to remove connection
ConnectionInfo {commandId = 1, responseRequired = true, connectionId =
4a6df719-b8ed-4431-a97f-52b93078f021, clientId =
2061e6c0-f8e0-4882-860c-89c3fd7e36db, userName = YYYYX *password = X2342$*,
brokerPath = null, brokerMasterConnector = false, manageable = false,
clientMaster = true}
java.lang.SecurityException: User is not authenticated.
at
org.apache.activemq.security.AuthorizationBroker.addDestination(AuthorizationBroker.java:52)
at
org.apache.activemq.broker.MutableBrokerFilter.addDestination(MutableBrokerFilter.java:149)
at
org.apache.activemq.broker.region.RegionBroker.send(RegionBroker.java:425)
at
org.apache.activemq.broker.TransactionBroker.send(TransactionBroker.java:224)
at
org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:439)
at
org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:369)
at
org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:364)
at
org.apache.activemq.advisory.AdvisoryBroker.removeConnection(AdvisoryBroker.java:223)
at
org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java:110)
at
org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java:110)
at
org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java:110)
at
org.apache.activemq.broker.MutableBrokerFilter.removeConnection(MutableBrokerFilter.java:117)
at
org.apache.activemq.broker.TransportConnection.processRemoveConnection(TransportConnection.java:709)
at
org.apache.activemq.broker.TransportConnection.doStop(TransportConnection.java:976)
at
org.apache.activemq.broker.jmx.ManagedTransportConnection.doStop(ManagedTransportConnection.java:71)
at
org.apache.activemq.broker.TransportConnection$3.run(TransportConnection.java:907)
was:
In case of exception as shown below, the ConnectionInfo logged as warning which
logs Password in plain Text. Should have encrypted or log as XXXX or YYYY ...
If ConnectionInfo override the BaseCommand's toString(Map<String,
Object>overrideFields) method and set Password as XXXXX... this would be better
handled.
WARN org.apache.activemq.broker.TransportConnection.Service [ActiveMQ
Transport Stopper: /134.42.197.187:2512] - Failed to remove connection
ConnectionInfo {commandId = 1, responseRequired = true, connectionId =
4a6df719-b8ed-4431-a97f-52b93078f021, clientId =
2061e6c0-f8e0-4882-860c-89c3fd7e36db, userName = YYYYX *password = X2342$*,
brokerPath = null, brokerMasterConnector = false, manageable = false,
clientMaster = true}
java.lang.SecurityException: User is not authenticated.
at
org.apache.activemq.security.AuthorizationBroker.addDestination(AuthorizationBroker.java:52)
at
org.apache.activemq.broker.MutableBrokerFilter.addDestination(MutableBrokerFilter.java:149)
at
org.apache.activemq.broker.region.RegionBroker.send(RegionBroker.java:425)
at
org.apache.activemq.broker.TransactionBroker.send(TransactionBroker.java:224)
at
org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:439)
at
org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:369)
at
org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:364)
at
org.apache.activemq.advisory.AdvisoryBroker.removeConnection(AdvisoryBroker.java:223)
at
org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java:110)
at
org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java:110)
at
org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java:110)
at
org.apache.activemq.broker.MutableBrokerFilter.removeConnection(MutableBrokerFilter.java:117)
at
org.apache.activemq.broker.TransportConnection.processRemoveConnection(TransportConnection.java:709)
at
org.apache.activemq.broker.TransportConnection.doStop(TransportConnection.java:976)
at
org.apache.activemq.broker.jmx.ManagedTransportConnection.doStop(ManagedTransportConnection.java:71)
at
org.apache.activemq.broker.TransportConnection$3.run(TransportConnection.java:907)
This is different than https://issues.apache.org/activemq/browse/AMQ-2499
The exception is logged at WARN level with password in plain text.
> ConnectionInfo does not override toString to stop logging actual Password in
> case of Warning.
> ----------------------------------------------------------------------------------------------
>
> Key: AMQ-2858
> URL: https://issues.apache.org/activemq/browse/AMQ-2858
> Project: ActiveMQ
> Issue Type: Bug
> Components: Broker
> Affects Versions: 5.3.0
> Environment: Linux
> Reporter: Kamal
> Priority: Critical
>
> In case of exception as shown below, the ConnectionInfo logged as warning
> which logs Password in plain Text. Should have encrypted or log as XXXX or
> YYYY ...
> If ConnectionInfo override the BaseCommand's toString(Map<String,
> Object>overrideFields) method and set Password as XXXXX... this would be
> better handled.
> WARN org.apache.activemq.broker.TransportConnection.Service [ActiveMQ
> Transport Stopper: /134.42.197.187:2512] - Failed to remove connection
> ConnectionInfo {commandId = 1, responseRequired = true, connectionId =
> 4a6df719-b8ed-4431-a97f-52b93078f021, clientId =
> 2061e6c0-f8e0-4882-860c-89c3fd7e36db, userName = YYYYX *password = X2342$*,
> brokerPath = null, brokerMasterConnector = false, manageable = false,
> clientMaster = true}
> java.lang.SecurityException: User is not authenticated.
> at
> org.apache.activemq.security.AuthorizationBroker.addDestination(AuthorizationBroker.java:52)
> at
> org.apache.activemq.broker.MutableBrokerFilter.addDestination(MutableBrokerFilter.java:149)
> at
> org.apache.activemq.broker.region.RegionBroker.send(RegionBroker.java:425)
> at
> org.apache.activemq.broker.TransactionBroker.send(TransactionBroker.java:224)
> at
> org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:439)
> at
> org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:369)
> at
> org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:364)
> at
> org.apache.activemq.advisory.AdvisoryBroker.removeConnection(AdvisoryBroker.java:223)
> at
> org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java:110)
> at
> org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java:110)
> at
> org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java:110)
> at
> org.apache.activemq.broker.MutableBrokerFilter.removeConnection(MutableBrokerFilter.java:117)
> at
> org.apache.activemq.broker.TransportConnection.processRemoveConnection(TransportConnection.java:709)
> at
> org.apache.activemq.broker.TransportConnection.doStop(TransportConnection.java:976)
> at
> org.apache.activemq.broker.jmx.ManagedTransportConnection.doStop(ManagedTransportConnection.java:71)
> at
> org.apache.activemq.broker.TransportConnection$3.run(TransportConnection.java:907)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
