[jira] [Commented] (AMQ-3625) NullPointer Exceptions when networked broker sends certificate with an invalid user name

[Timothy Bish (Commented) (JIRA)]

    [ 
https://issues.apache.org/jira/browse/AMQ-3625?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13173204#comment-13173204
 ] 

Timothy Bish commented on AMQ-3625:
-----------------------------------

The patch doesn't address the real issue here which is that the 
TransportConnection is continuing to process incoming commands from the its 
Transport after the detection of a Security violation from the Connection 
request.  It seems that the safer thing to do here would be to block processing 
of any additional incoming commands and terminate the connection after sending 
back a ConnectionError command to the connecting client.
                
> NullPointer Exceptions when networked broker sends certificate with an 
> invalid user name
> ----------------------------------------------------------------------------------------
>
>                 Key: AMQ-3625
>                 URL: https://issues.apache.org/jira/browse/AMQ-3625
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 5.5.1
>            Reporter: Stan Lewis
>            Priority: Minor
>         Attachments: 0001-Avoid-NPE.patch
>
>
> Couple NPEs pop out when a connecting one broker to another using 
> authentication if the authentication fails:
> WARN | Failed to add Connection 
> ID:Susan-Javureks-MacBook-Pro-3.local-53150-1322608354523-5:1, reason: 
> java.lang.SecurityException: User name [null] or password is invalid. No user 
> for client certificate: CN=Dave Stanley, OU=FuseSource, O=Progress, 
> L=Unknown, ST=MA, C=US
> WARN | Async error occurred: java.lang.SecurityException: User name [null] or 
> password is invalid. No user for client certificate: CN=Dave Stanley, 
> OU=FuseSource, O=Progress, L=Unknown, ST=MA, C=US
> java.lang.SecurityException: User name [null] or password is invalid. No user 
> for client certificate: CN=Dave Stanley, OU=FuseSource, O=Progress, 
> L=Unknown, ST=MA, C=US
> at 
> org.apache.activemq.security.JaasCertificateAuthenticationBroker.addConnection(JaasCertificateAuthenticationBroker.java:102)
> at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:85)
> at 
> org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:91)
> at 
> org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:707)
> at 
> org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:77)
> at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:139)
> at 
> org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:318)
> at 
> org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:181)
> at 
> org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:69)
> at 
> org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:113)
> at 
> org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:227)
> at 
> org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)
> at 
> org.apache.activemq.transport.tcp.SslTransport.doConsume(SslTransport.java:91)
> at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:223)
> at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:205)
> at java.lang.Thread.run(Thread.java:680)
> Caused by: javax.security.auth.login.FailedLoginException: No user for client 
> certificate: CN=Dave Stanley, OU=FuseSource, O=Progress, L=Unknown, ST=MA, 
> C=US
> at 
> org.apache.activemq.jaas.CertificateLoginModule.login(CertificateLoginModule.java:93)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
> at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
> at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
> at 
> org.apache.activemq.security.JaasCertificateAuthenticationBroker.addConnection(JaasCertificateAuthenticationBroker.java:87)
> ... 15 more
> {color:red}WARN | Async error occurred: java.lang.NullPointerException
> java.lang.NullPointerException{color}
> at 
> org.apache.activemq.broker.TransportConnection.processAddProducer(TransportConnection.java:512)
> at org.apache.activemq.command.ProducerInfo.visit(ProducerInfo.java:105)
> at 
> org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:318)
> at 
> org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:181)
> at 
> org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:69)
> at 
> org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:113)
> at 
> org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:227)
> at 
> org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)
> at 
> org.apache.activemq.transport.tcp.SslTransport.doConsume(SslTransport.java:91)
> at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:223)
> at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:205)
> at java.lang.Thread.run(Thread.java:680)
> WARN | {color:red}Async error occurred: java.lang.NullPointerException
> java.lang.NullPointerException{color}
> at 
> org.apache.activemq.broker.TransportConnection.processAddConsumer(TransportConnection.java:551)
> at org.apache.activemq.command.ConsumerInfo.visit(ConsumerInfo.java:349)
> at 
> org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:318)
> at 
> org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:181)
> at 
> org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:69)
> at 
> org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:113)
> at 
> org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:227)
> at 
> org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)
> at 
> org.apache.activemq.transport.tcp.SslTransport.doConsume(SslTransport.java:91)
> at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:223)
> at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:205)
> at java.lang.Thread.run(Thread.java:680)
> In this case the actual problem is the certificate doesn't match the 
> configured password, but the two NPEs after this exception don't look good.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira