[
https://issues.apache.org/jira/browse/QPID-2979?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12991744#comment-12991744
]
Rajith Attapattu commented on QPID-2979:
----------------------------------------
The reason why this used to work before (0.6 release) was due to the Java
client silently ignoring SASL negotiation if the broker does not support any of
the SASL mechanism the client is configured to use.
This IMO is a security issue and should be immediately highlighted via an
exception.
Therefore from 0.8 onwards the Java client now throws an exception if the
client does not support any of the mechanisms offered by the broker.
By default the Java client supports PLAIN - and it does not seem to support
ANONYMOUS [see #1]
[1]
http://download.oracle.com/javase/6/docs/technotes/guides/security/sasl/sasl-refguide.html
> The following SASL mechanisms [PLAIN] specified by the client are not
> supported by the broker
> ---------------------------------------------------------------------------------------------
>
> Key: QPID-2979
> URL: https://issues.apache.org/jira/browse/QPID-2979
> Project: Qpid
> Issue Type: Bug
> Components: C++ Broker, Java Client
> Affects Versions: 0.8
> Environment: Windows XP
> Reporter: Ibisek
> Fix For: Future
>
>
> An exception is thrown when connecting from a Java client (v 0.8) to qpidd (v
> 0.8) run with "--auth no".
> javax.jms.JMSException: Error creating connection: The following SASL
> mechanisms [PLAIN] specified by the client are not supported by the broker
> at
> org.apache.qpid.client.AMQConnectionFactory.createConnection(AMQConnectionFactory.java:286)
> Used JNDI/JMS configuration:
> java.naming.factory.initial =
> org.apache.qpid.jndi.PropertiesFileInitialContextFactory
> connectionfactory.qpidConnectionfactory =
> amqp://guest:guest@clientid/abcd?brokerlist='tcp://localhost:5672'
> destination.mainSend = direct://amq.direct//step.01
> It worked just fine in 0.6 but no success now in 0.8.
> The broker is from Contributed C++ Packages -> Windows Installer
> (http://www.riverace.com/qpid/qpidc-0.8-x86.msi)
> Logs from qpidd:
> C:Program Filesapache-qpidc-0.8bin>qpidd --auth no --log-enable info+
> --log-enable trace+:amqp_0_10
> 2010-12-15 11:42:48 info Management enabled
> 2010-12-15 11:42:48 notice SASL disabled: No Authentication Performed
> 2010-12-15 11:42:48 info Policy file not specified. ACL Disabled, no ACL
> checking being done!
> 2010-12-15 11:42:48 error Failed to initialise SSL listener: The credentials
> supplied to the package were not recognized (........cpps
> rcqpidbrokerwindowsSslProtocolFactory.cpp:177)
> 2010-12-15 11:42:48 notice Listening on TCP port 5672
> 5672
> 2010-12-15 11:42:48 notice Broker running
> 2010-12-15 11:42:53 trace SENT 127.0.0.1:1786 INIT(0-10)
> 2010-12-15 11:42:53 trace SENT [127.0.0.1:1786]: Frame[BEbe; channel=0;
> {ConnectionStartBody: server-properties={qpid.federation_tag:V2:36:s
> tr16(96790865-dc5c-427a-affe-70d021653737)};
> mechanisms=str16{V2:9:str16(ANONYMOUS)}; locales=str16{V2:5:str16(en_US)}; }]
> Run it with the -t option:
> 2010-12-15 11:45:56 trace SEND raiseEvent (v1)
> class=org.apache.qpid.broker.clientDisconnect
> 2010-12-15 11:46:01 debug RECV [127.0.0.1:1794] INIT(0-10)
> 2010-12-15 11:46:01 trace SENT 127.0.0.1:1794 INIT(0-10)
> 2010-12-15 11:46:01 trace SENT [127.0.0.1:1794]: Frame[BEbe; channel=0;
> {ConnectionStartBody: server-properties={qpid.federation_tag:V2:36:s
> tr16(96790865-dc5c-427a-affe-70d021653737)};
> mechanisms=str16{V2:9:str16(ANONYMOUS)}; locales=str16{V2:5:str16(en_US)}; }]
> 2010-12-15 11:46:01 debug DISCONNECTED [127.0.0.1:1794]
> 2010-12-15 11:46:01 trace SEND raiseEvent (v1)
> class=org.apache.qpid.broker.clientDisconnect
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscr...@qpid.apache.org
