[jira] [Commented] (QPID-3396) Specifying username/password in JMS clients should not be mandatory

Mon, 13 Aug 2012 09:01:39 -0700 

    [ 
https://issues.apache.org/jira/browse/QPID-3396?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13433235#comment-13433235
 ] 

Rajith Attapattu commented on QPID-3396:
----------------------------------------

"if sasl_mechs is not present, it logs warning that sasl_mechs is being set to 
ANONYMOUS (as we assume that no credentials means ANONYMOUS mechanism so we 
have to restrict the client to it)"

This is not correct. Simply bcos user/pass is missing, we can't force the 
client to use "ANONYMOUS".
For example for GSSAPI and EXTERNAL you don't need a user/pass. Infact the 
customer who logged the original issue was using EXTERNAL and was wondering why 
he needs to specify user/pass.

Again I think the correct behaviour is to look at the selected mech (after 
negotiation with the peer) and then see if user/pass is required. If so then 
throw an exception.
                
> Specifying username/password in JMS clients should not be mandatory
> -------------------------------------------------------------------
>
>                 Key: QPID-3396
>                 URL: https://issues.apache.org/jira/browse/QPID-3396
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Client
>    Affects Versions: 0.18
>            Reporter: Pavel Moravec
>            Priority: Minor
>         Attachments: 0001-connectionURL-credentials-optional.patch, 
> CredentialsMandatory.java
>
>
> Description of problem:
> Section 3.2.2 of the Programming in Apache Qpid guide says that the
> username/password in the JNDI connection URL is optional:
> amqp://[<user>:<pass>@][<clientid>]<virtualhost>[?<option>='<value>'[&<option>='<value>']]
> However skipping the [<user>:<pass>@] part in an URL leads to exception 
> raised.
> How reproducible:
> 100%
> Steps to Reproduce:
> 1. Set auth=no in /etc/qpidd.conf
> 2. Run connectionURLWithoutUserInfo in attached JUnit test
> Actual results:
> Exception raised:
> User information not found on url between indicies 7 and 1
> amqp://clientid/test?brokerlist='tcp://localhost:5672' ^ at
> org.apache.qpid.url.URLHelper.parseError(URLHelper.java:143) at
> org.apache.qpid.url.URLHelper.parseError(URLHelper.java:138) at
> org.apache.qpid.client.url.URLParser.parseURL(URLParser.java:111) at
> org.apache.qpid.client.url.URLParser.<init>(URLParser.java:42) at
> org.apache.qpid.client.AMQConnectionURL.<init>(AMQConnectionURL.java:63) at
> com.gs.mrg.eval.PLAIN_AuthenticationExample.connectionURLWithoutUserInfo(PLAIN_AuthenticationExample.java:109)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597) at
> org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:44)
> at
> org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:15)
> at
> org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:41)
> at
> org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:20)
> at
> org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:28)
> at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:274) at
> org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70)
> at
> org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:48)
> at org.junit.runners.ParentRunner$3.run(ParentRunner.java:242) at
> org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:58) at
> org.junit.runners.ParentRunner.runChildren(ParentRunner.java:240) at
> org.junit.runners.ParentRunner.access$000(ParentRunner.java:48) at
> org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:233) at
> org.junit.runners.ParentRunner.run(ParentRunner.java:303) at
> org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:49)
> at
> org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
> at
> org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467)
> at
> org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683)
> at
> org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)
> at
> org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)
> Expected results:
> No exception raised, the broker should authenticate the connection request.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to