[jira] [Closed] (AMQ-3688) slave fail if client connected to master via SSL in master/slave configuration

Thu, 29 Nov 2012 13:37:03 -0800 

     [ 
https://issues.apache.org/jira/browse/AMQ-3688?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Timothy Bish closed AMQ-3688.
-----------------------------

    Resolution: Won't Fix

Pure master/slave removed in upcoming v5.8.0
                
> slave fail if client connected to master via SSL in master/slave configuration
> ------------------------------------------------------------------------------
>
>                 Key: AMQ-3688
>                 URL: https://issues.apache.org/jira/browse/AMQ-3688
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 5.5.0, 5.5.1
>         Environment: A master broker with SSL enabled and client certificate 
> authentication.
> A slave broker with a master connector using a TCP transport with username 
> and password set.
> On each broker, JaasDualAuthenticationPlugin enabled.
> On each broker an authorizationMap restraining access to queues to specified 
> groups.
>            Reporter: SL
>
> 0/ the master/slave configuration is started, the slave have started its 
> master connector using its credential (username/pasword) and a MasterBroker 
> instance have been created on the master.
> 1/ a client creates a new connection on the master broker with ssl and its 
> client certificate. the ConnectionInfo is propagated through the BrokerFilter 
> stack with addConnection().
> 2/ the MasterBroker sends the ConnectionInfo to the slave via 
> sendAsyncToSlave(Command command) ; the ConnectionInfo have userName=null and 
> password=null but appropriate transportContext information that allowed it to 
> pass though JaasCertificateAuthenticationBroker is set.
> 3/ The slave broker receive the ConnectionInfo command, does not have the 
> initial SSL transportContext, channel it as no SSL to 
> JaasAuthenticationBroker, which choke on the null userName ( -> NPE in 
> login() -> Login failed exception )
> 4/ Each message inserted on the master by the ssl client triggers an 
> exception (Slave Failed) for the the unreferenced connection id on the slave 
> side. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to