[
https://issues.apache.org/jira/browse/AMQ-5470?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Timothy Bish updated AMQ-5470:
------------------------------
Issue Type: Sub-task (was: Bug)
Parent: AMQ-5591
> AMQP - delayed authentication from SASL connect leads to race on client end.
> ----------------------------------------------------------------------------
>
> Key: AMQ-5470
> URL: https://issues.apache.org/jira/browse/AMQ-5470
> Project: ActiveMQ
> Issue Type: Sub-task
> Components: AMQP
> Affects Versions: 5.10.0
> Reporter: Timothy Bish
> Assignee: Timothy Bish
> Fix For: 5.12.0
>
> Attachments: AMQ-5470.patch
>
>
> We currently delay checking the credentials provided during the SASL
> negotiation and also checking if anonymous client connects are legal until
> after opening the proton connection and then we send an error condition
> indicating the failure and close the connection. This can lead to a race on
> the client end where it looks for a breif moment in time that the connection
> succeeded. During that time the client might attempt some further action and
> then fail in an odd way as the connection is closed under it.
> We should look into authenticating immediately and failing the SASL handshake
> if not authorized. We should also consider whether we want to support raw
> connections with a SASL handshake as well since without at least a SASL
> ANONYMOUS handshake we can get back into this issue unless we just forcibly
> close the socket on a client if we don't support anonymous connections.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
