Timothy Bish created AMQ-5470:
---------------------------------

             Summary: AMQP - delayed authentication from SASL connect leads to race on client end.
                 Key: AMQ-5470
                 URL: https://issues.apache.org/jira/browse/AMQ-5470
             Project: ActiveMQ
          Issue Type: Bug
          Components: AMQP
    Affects Versions: 5.10.0
            Reporter: Timothy Bish
            Assignee: Timothy Bish
             Fix For: 5.11.0


We currently delay checking the credentials provided during the SASL 
negotiation and also checking if anonymous client connects are legal until 
after opening the proton connection and then we send an error condition 
indicating the failure and close the connection.  This can lead to a race on 
the client end where it looks for a brief moment in time that the connection 
succeeded.  During that time the client might attempt some further action and 
then fail in an odd way as the connection is closed under it.  

We should look into authenticating immediately and failing the SASL handshake 
if not authorized.  We should also consider whether we want to support raw 
connections with a SASL handshake as well since without at least a SASL 
ANONYMOUS handshake we can get back into this issue unless we just forcibly 
close the socket on a client if we don't support anonymous connections.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
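
The race described in the report and the proposed fix, modeled as an added example (not ActiveMQ code and not part of the original message): it lists the frames a client receives under the delayed and the immediate policy, including the raw no-SASL case. The function names, the credential store and the `amqp:unauthorized-access` condition are assumptions; the report does not name the error condition it sends.

```python
import hmac

SASL_OK, SASL_AUTH = 0, 1            # AMQP 1.0 sasl-outcome codes: ok, auth failure
USERS = {"alice": "s3cret"}          # constructed credential store
ERROR = "amqp:unauthorized-access"   # assumed condition; the report names none

def authorized(mechanism, user, password, allow_anonymous):
    """Decide access from what the client offered; None means no SASL layer."""
    if mechanism in (None, "ANONYMOUS"):
        return allow_anonymous
    if mechanism == "PLAIN" and user in USERS:
        return hmac.compare_digest(USERS[user].encode(), (password or "").encode())
    return False

def broker_frames(mechanism, user=None, password=None, *,
                  allow_anonymous=False, immediate=True):
    """Frames (name, detail) the client receives for one connection attempt."""
    ok = authorized(mechanism, user, password, allow_anonymous)
    frames = []
    if mechanism is not None:
        offered = ("PLAIN", "ANONYMOUS") if allow_anonymous else ("PLAIN",)
        frames.append(("sasl-mechanisms", offered))
        # Delayed policy: the handshake always reports success.
        code = SASL_OK if (ok or not immediate) else SASL_AUTH
        frames.append(("sasl-outcome", code))
    if ok:
        frames.append(("open", None))
    elif not immediate:
        # Delayed policy: open first, then report the failure and close.
        frames += [("open", None), ("close", ERROR)]
    elif mechanism is None:
        # Raw connection refused: drop the socket, never send open.
        frames.append(("socket-close", None))
    return frames

def race_window(frames):
    """True if the client saw open (looks connected) and was then closed."""
    names = [name for name, _ in frames]
    return "open" in names and "close" in names[names.index("open"):]

if __name__ == "__main__":
    for immediate in (False, True):
        frames = broker_frames("PLAIN", "alice", "wrong", immediate=immediate)
        print("immediate" if immediate else "delayed", frames, race_window(frames))
```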
