[ https://issues.apache.org/jira/browse/QPID-943?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ted Ross reopened QPID-943:
---------------------------


There's an issue with the way userId checking is done in the C++ broker.  The 
broker, when it stores the userId for a connection (line 68 in 
qpid/broker/SemanticState.cpp), strips the domain portion of the ID.  So if the 
userId is "[email protected]", it will be stored as "fred".

The problem is that when "[email protected]" creates a connection and then sends 
messages with userId => "[email protected]", the messages are rejected because 
the strings don't match.

Having the client strip the domain before producing a message seems incorrect 
since important information is lost.  Also, a consumer which is using the 
vouched-for userId for its own purposes will need the domain text.

I propose that userIds not be tampered with by the broker.  Will this cause a 
problem with the JMS clients?  What does the Java broker do?

-Ted


> Move JMSXUserID creation to client to improve broker performance
> ----------------------------------------------------------------
>
>                 Key: QPID-943
>                 URL: https://issues.apache.org/jira/browse/QPID-943
>             Project: Qpid
>          Issue Type: Improvement
>          Components: Java Broker, Java Client
>    Affects Versions: 0.5
>            Reporter: Marnie McCormack
>            Assignee: Rajith Attapattu
>             Fix For: 0.6
>
>         Attachments: c++broker_userid_check.patch, 
> javabroker_userid_check.patch, JMSXUserID.patch
>
>
> Summary: 
> Currently the broker modifies the message to add the JMSXUserID. A better 
> approach would be to have the client encode that detail and have the broker 
> verify that it is correct. This means that the broker does not have to 
> re-encode every message. It also allows the sending client to decide if they 
> wish to include the JMSXUserID for validation. 
> Proposed Changes: 
> Remove the existing modification code, replacing it with validation if the 
> JMSXUserID is present. If validation is required to pass then close the 
> connection on failures. 
> Augment the client to have the ability to manually or automatically set the 
> JMSXUserID based on the authenticated connection. 
> Test Strategy: 
> Test messages with manual user id creation (correct and incorrect), automatic 
> user id creation. 
> Test broker in validation mode and lenient mode. 
> Testing should include performance metrics to quantify the impact of the 
> additional processing.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:[email protected]
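
The mismatch described in the comment above, and the effect of leaving the userId untouched, as an added C++ example that is not Qpid source code or part of the original message. `Connection`, `StorePolicy`, `acceptMessage` and the `fred@...` identities are hypothetical names and constructed values.

```cpp
#include <iostream>
#include <string>

// Hypothetical model (not Qpid code) of how a broker records the
// authenticated identity of a connection.
enum class StorePolicy { StripDomain, KeepFull };

struct Connection {
    std::string storedUserId;
    Connection(const std::string& authenticatedId, StorePolicy policy) {
        const std::string::size_type at = authenticatedId.find('@');
        // StripDomain keeps only the part before '@'; KeepFull stores the id as-is.
        storedUserId = (policy == StorePolicy::StripDomain && at != std::string::npos)
                           ? authenticatedId.substr(0, at)
                           : authenticatedId;
    }
};

// Validation as described in the issue: a message that carries a userId is
// accepted only if it equals the identity stored for the connection.
// An empty userId means the sender did not request validation.
bool acceptMessage(const Connection& conn, const std::string& messageUserId) {
    return messageUserId.empty() || messageUserId == conn.storedUserId;
}

int main() {
    // Constructed sample identities: same user name, different domains.
    const std::string fredA = "fred@REALM-A.EXAMPLE";
    const std::string fredB = "fred@REALM-B.EXAMPLE";

    Connection strippedA(fredA, StorePolicy::StripDomain);
    Connection strippedB(fredB, StorePolicy::StripDomain);
    Connection fullA(fredA, StorePolicy::KeepFull);

    std::cout << std::boolalpha
              // Stripping: the sender's own full id no longer matches.
              << "stripped, full id sent:  " << acceptMessage(strippedA, fredA) << '\n'
              // Stripping: both domains vouch for the same bare "fred".
              << "stripped A, 'fred' sent: " << acceptMessage(strippedA, "fred") << '\n'
              << "stripped B, 'fred' sent: " << acceptMessage(strippedB, "fred") << '\n'
              // Untouched id: the full id matches, the other domain does not.
              << "full, own id sent:       " << acceptMessage(fullA, fredA) << '\n'
              << "full, other domain sent: " << acceptMessage(fullA, fredB) << '\n';
    return 0;
}
```
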
