[jira] [Commented] (QPID-3415) CRAM-MD5-HASHED not supported by 0-10 protocol (+ no suppport for custom SASL mechanisms).

jirapos...@reviews.apache.org (JIRA) Mon, 12 Sep 2011 05:08:10 -0700

    [ 
https://issues.apache.org/jira/browse/QPID-3415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13102577#comment-13102577
 ]


jirapos...@reviews.apache.org commented on QPID-3415:
-----------------------------------------------------


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/1608/
-----------------------------------------------------------

(Updated 2011-09-12 12:05:21.892862)


Review request for qpid and rajith attapattu.


Changes
-------

Attached complete udiff. Apologies for the bother.


Summary
-------

This patch changes the 0-10 code path to create the SASL callback handler using 
the CallbackHandlerRegistry.   This allows the 0-10 code path to support SASL 
mechanisms requiring other callback handlers, such as CRAM-MD5-HASHED.  Support 
for the sasl_mechs client connection option has been retained and now applies 
to the 0-8..0-9-1 code paths too.

If the user *specifies* a sasl_mechs client connection option the behaviour of 
the code is unchanged from the previous version: it restricts the list of SASL 
mechanisms in use.

If the user *does not specify* a sasl_mechs client connection option, the old 
code used a hardcoded PLAIN default.  This is no longer the case.  Now the 
client will use the first SASL mechanism from the list 
CallbackHandlerRegistry.properties that is also available on the server.

Removed dead code and strengthen unit tests.
 


This addresses bug QPID-3415.
    https://issues.apache.org/jira/browse/QPID-3415


Diffs (updated)
-----

  
/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_0_10.java
 1169685 
  
/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/handler/ConnectionStartMethodHandler.java
 1169685 
  
/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/security/CallbackHandlerRegistry.java
 1169685 
  
/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/security/CallbackHandlerRegistry.properties
 1169685 
  
/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/transport/ClientConnectionDelegate.java
 PRE-CREATION 
  
/trunk/qpid/java/client/src/test/java/org/apache/qpid/client/security/CallbackHandlerRegistryTest.java
 PRE-CREATION 
  
/trunk/qpid/java/common/src/main/java/org/apache/qpid/security/AMQPCallbackHandler.java
 1169685 
  
/trunk/qpid/java/common/src/main/java/org/apache/qpid/security/UsernamePasswordCallbackHandler.java
 1169685 
  
/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/ClientDelegate.java
 1169685 
  
/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/Connection.java 
1169685 
  
/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java
 1169685 
  
/trunk/qpid/java/common/src/test/java/org/apache/qpid/transport/ConnectionTest.java
 1169685 
  
/trunk/qpid/java/systests/src/main/java/org/apache/qpid/test/unit/client/connection/ConnectionTest.java
 1169685 
  
/trunk/qpid/java/systests/src/main/java/org/apache/qpid/test/unit/message/UTF8Test.java
 1169685 

Diff: https://reviews.apache.org/r/1608/diff


Testing (updated)
-------

Improved unit testing. Ran java, cpp and cpp.ssl profiles. I am not able to 
test GSSAPI locally. 


Thanks,

Keith



> CRAM-MD5-HASHED not supported by 0-10 protocol (+ no suppport for custom SASL 
> mechanisms).
> ------------------------------------------------------------------------------------------
>
>                 Key: QPID-3415
>                 URL: https://issues.apache.org/jira/browse/QPID-3415
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Client
>    Affects Versions: 0.10
>            Reporter: Keith Wall
>            Assignee: Rajith Attapattu
>             Fix For: 0.13
>
>
> If the Java broker is configured to use the Base64MD5Password password 
> database the Java client is unable to connect even if they use the sasl_mechs 
> broker option in the connection URL (sasl_mechs='CRAM-MD5-HASHED').  
> Instead the user sees:
> {code}
> org.apache.qpid.AMQException: Cannot connect to broker: Callback handler with 
> support for AuthorizeCallback required
> {code}
> The user can work around the problem by passing the -Dqpid.amqp.version 
> system property to the client, and selecting a protocol < 0-10.
> The problem is happening because on the 0-10 code path on the client, the 
> SASL CallbackHandler in use is hardcoded to UsernamePasswordCallbackhandler 
> (ClientDelegate), rather than using the facilities of CallbackHandlerRegistry 
> (as does the 0-8 and 0-9* code paths). CRAM-MD5-HASHED requires the use of a 
> different Callbackhandler.
> This also inhibits the use of custom SASL methods by the client.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:dev-subscr...@qpid.apache.org

[jira] [Commented] (QPID-3415) CRAM-MD5-HASHED not supported by 0-10 protocol (+ no suppport for custom SASL mechanisms).

Reply via email to