On Wed, 2012-10-24 at 15:26 +0200, Massimo Paladin wrote: > Hi Timothy, > > I have a couple of questions. > > One is related to the unit test which I provided for this bug. > In the xml configuration file (JaasStompSSLBroker.xml) if you remove the > "transport.enabledCipherSuites" > option from the openwire+nio+ssl connector it stops working generating and > EOFException > on the client side, is this intended? > Why isn't there a default for that option?
I'm sure there are more issues to be found. The best thing to do is create a test case showing the differences and issues and opening more Jira tickets. > > javax.jms.JMSException: java.io.EOFException > at > org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:49) > at > org.apache.activemq.ActiveMQConnection.syncSendPacket(ActiveMQConnection.java:1377) > at > org.apache.activemq.ActiveMQConnection.ensureConnectionInfoSent(ActiveMQConnection.java:1481) > at > org.apache.activemq.ActiveMQConnection.start(ActiveMQConnection.java:516) > at > org.apache.activemq.bugs.AMQ4126Test.openwireConnectTo(AMQ4126Test.java:136) > at > org.apache.activemq.bugs.AMQ4126Test.testOpenwireNIOSSLWithUsernameAndPassword(AMQ4126Test.java:152) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > > The other question is related to the validation of the connectors URIs. > We noticed that there is no error checking on the given options in the URI. > In our brokers we were using "needClientAuth" set to true for the ssl > connectors, > with stomp+nio+ssl connector we kept "needClientAuth" which did not work > because the correct option is "transport.needClientAuth". > This resulted in a non-obvious error generating an exception in the server > side (below). > > The actual behaviour is not consistent between the stomp+ssl and the > stomp+nio+ssl connectors, > stomp+ssl seems working fine with "needClientAuth" option and for > stomp+nio+ssl > "transport.needClientAuth" is required in order to work. > > It would be nice if these kind of situations would not be made possible > doing some > sort of error checking in the provided connector's options, would this be > possible? > > java.lang.SecurityException: Unable to authenticate transport without SSL > certificate. > at > org.apache.activemq.security.JaasCertificateAuthenticationBroker.addConnection(JaasCertificateAuthenticationBroker.java:74) > at > org.apache.activemq.security.JaasDualAuthenticationBroker.addConnection(JaasDualAuthenticationBroker.java:98) > at > org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:91) > at > org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:712) > at > org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:80) > at > org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:139) > at > org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:294) > at > org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:152) > at > org.apache.activemq.transport.MutexTransport.onCommand(MutexTransport.java:45) > at > org.apache.activemq.transport.AbstractInactivityMonitor.onCommand(AbstractInactivityMonitor.java:256) > at > org.apache.activemq.transport.stomp.StompTransportFilter.sendToActiveMQ(StompTransportFilter.java:84) > at > org.apache.activemq.transport.stomp.ProtocolConverter.sendToActiveMQ(ProtocolConverter.java:164) > at > org.apache.activemq.transport.stomp.ProtocolConverter.onStompConnect(ProtocolConverter.java:678) > at > org.apache.activemq.transport.stomp.ProtocolConverter.onStompCommand(ProtocolConverter.java:219) > at > org.apache.activemq.transport.stomp.StompTransportFilter.onCommand(StompTransportFilter.java:73) > at > org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83) > at > org.apache.activemq.transport.nio.NIOSSLTransport.doConsume(NIOSSLTransport.java:335) > at > org.apache.activemq.transport.stomp.StompNIOSSLTransport.doConsume(StompNIOSSLTransport.java:72) > at > org.apache.activemq.transport.stomp.StompCodec.processCommand(StompCodec.java:113) > at org.apache.activemq.transport.stomp.StompCodec.parse(StompCodec.java:92) > at > org.apache.activemq.transport.stomp.StompNIOSSLTransport.processCommand(StompNIOSSLTransport.java:60) > at > org.apache.activemq.transport.nio.NIOSSLTransport.serviceRead(NIOSSLTransport.java:196) > at > org.apache.activemq.transport.nio.NIOSSLTransport$1.onSelect(NIOSSLTransport.java:148) > at > org.apache.activemq.transport.nio.SelectorSelection.onSelect(SelectorSelection.java:94) > at > org.apache.activemq.transport.nio.SelectorWorker$1.run(SelectorWorker.java:119) > at > java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) > at java.lang.Thread.run(Thread.java:662) > > Cheers, > --- > Massimo Paladin > > email: [email protected] > website: http://www.mpaladin.com > flickr's page: http://flickr.com/photos/massimop > > > On Wed, Oct 24, 2012 at 1:08 AM, Timothy Bish (JIRA) <[email protected]>wrote: > > > > > [ > > https://issues.apache.org/jira/browse/AMQ-4126?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel] > > > > Timothy Bish resolved AMQ-4126. > > ------------------------------- > > > > Resolution: Fixed > > > > Fixed now in trunk, test cases added so this should stay fixed now. > > > > > stomp+nio+ssl + jaasDualAuthenticationPlugin + certificate > > authentication fails > > > > > ------------------------------------------------------------------------------- > > > > > > Key: AMQ-4126 > > > URL: https://issues.apache.org/jira/browse/AMQ-4126 > > > Project: ActiveMQ > > > Issue Type: Bug > > > Components: stomp, Transport > > > Affects Versions: 5.7.0 > > > Reporter: Massimo Paladin > > > Assignee: Timothy Bish > > > Fix For: 5.8.0 > > > > > > Attachments: AMQ4126.tgz > > > > > > > > > Hello, > > > ActiveMQ's trunk currently fails for the current use case: > > > - server: stomp+nio+ssl connector + jaasDualAuthenticationPlugin > > > - client: connecting to the server and expecting private certificate > > authentication > > > Unit test reproducing the problem provided. > > > {noformat} > > > 2012-10-23 17:13:01,207 [MQ NIO Worker 4] - WARN ProtocolConverter > > - Exception occurred processing: > > > CONNECT > > > ^@: java.lang.SecurityException: User name [null] or password is invalid. > > > 2012-10-23 17:13:01,210 [MQ NIO Worker 4] - WARN Transport > > - Transport Connection to: tcp://128.141.156.34:59500 failed: > > java.io.IOException: User name [null] or password is invalid. > > > {noformat} > > > > -- > > This message is automatically generated by JIRA. > > If you think it was sent incorrectly, please contact your JIRA > > administrators > > For more information on JIRA, see: http://www.atlassian.com/software/jira > > -- Tim Bish Sr Software Engineer | RedHat Inc. [email protected] | www.fusesource.com | www.redhat.com skype: tabish121 | twitter: @tabish121 blog: http://timbish.blogspot.com/
