[
https://issues.apache.org/jira/browse/QPID-3396?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13596041#comment-13596041
]
Rajith Attapattu commented on QPID-3396:
----------------------------------------
Alex and Robbie, could you please have a look at the following patch for the
0-8/0-9 code path?
{code}
---
a/qpid/java/client/src/main/java/org/apache/qpid/client/handler/ConnectionStartMethodHandler.java
+++
b/qpid/java/client/src/main/java/org/apache/qpid/client/handler/ConnectionStartMethodHandler.java
@@ -37,6 +37,7 @@ import org.apache.qpid.framing.ConnectionStartOkBody;
import org.apache.qpid.framing.FieldTable;
import org.apache.qpid.framing.FieldTableFactory;
import org.apache.qpid.framing.ProtocolVersion;
+import org.apache.qpid.jms.ConnectionURL;
import org.apache.qpid.properties.ConnectionStartProperties;
import javax.security.sasl.Sasl;
@@ -108,6 +109,13 @@ public class ConnectionStartMethodHandler implements
StateAwareMethodListener<Co
throw new AMQException(null, "No supported security
mechanism found, passed: " + new String(body.getMechanisms()), null);
}
+ ConnectionURL connectionURL =
session.getAMQConnection().getConnectionURL();
+ if ((connectionURL.getUsername() == null ||
connectionURL.getPassword() == null)
+ &&
CallbackHandlerRegistry.getInstance().isUserPassRequired(mechanism))
+ {
+ throw new AMQException(null,"Username and Password is
required for the selected mechanism : " + mechanism,null);
+ }
+
byte[] saslResponse;
try
{
{code}
It appears the 0-8/0-9 code path does not allow the mech list to be constrained
by the list provided in the connection URL, so we need to exclude the test from
this code path as it will only work as expected bcos the broker is selecting
CRAM-MD5 which requires user/pass.
When I run the testExceptionWhenUserPassIsRequired with the above patch, I see
the correct exception being raised (due to the broker selecting CRAM-MD5) but
the test fails as the connection close seems to time out. So I'm not sure about
the viability of this fix being done on the 0-8/0-9 code path.
org.apache.qpid.AMQTimeoutException: Server did not respond in a timely fashion
[error code 408: Request Timeout]
at
org.apache.qpid.client.util.BlockingWaiter.block(BlockingWaiter.java:177)
at org.apache.qpid.client.state.StateWaiter.await(StateWaiter.java:114)
at org.apache.qpid.client.state.StateWaiter.await(StateWaiter.java:91)
at
org.apache.qpid.client.AMQConnectionDelegate_8_0.makeBrokerConnection(AMQConnectionDelegate_8_0.java:135)
at
org.apache.qpid.client.AMQConnection.makeBrokerConnection(AMQConnection.java:619)
at org.apache.qpid.client.AMQConnection.<init>(AMQConnection.java:398)
at org.apache.qpid.client.AMQConnection.<init>(AMQConnection.java:222)
at
org.apache.qpid.test.unit.client.connection.ConnectionTest.testExceptionWhenUserPassIsRequired(ConnectionTest.java:362)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at junit.framework.TestCase.runTest(TestCase.java:154)
> Specifying username/password in JMS clients should not be mandatory
> -------------------------------------------------------------------
>
> Key: QPID-3396
> URL: https://issues.apache.org/jira/browse/QPID-3396
> Project: Qpid
> Issue Type: Bug
> Components: Java Client
> Affects Versions: 0.18
> Reporter: Pavel Moravec
> Assignee: Rajith Attapattu
> Priority: Minor
> Attachments: 0001-connectionURL-credentials-optional.patch,
> CredentialsMandatory.java
>
>
> Description of problem:
> Section 3.2.2 of the Programming in Apache Qpid guide says that the
> username/password in the JNDI connection URL is optional:
> amqp://[<user>:<pass>@][<clientid>]<virtualhost>[?<option>='<value>'[&<option>='<value>']]
> However skipping the [<user>:<pass>@] part in an URL leads to exception
> raised.
> How reproducible:
> 100%
> Steps to Reproduce:
> 1. Set auth=no in /etc/qpidd.conf
> 2. Run connectionURLWithoutUserInfo in attached JUnit test
> Actual results:
> Exception raised:
> User information not found on url between indicies 7 and 1
> amqp://clientid/test?brokerlist='tcp://localhost:5672' ^ at
> org.apache.qpid.url.URLHelper.parseError(URLHelper.java:143) at
> org.apache.qpid.url.URLHelper.parseError(URLHelper.java:138) at
> org.apache.qpid.client.url.URLParser.parseURL(URLParser.java:111) at
> org.apache.qpid.client.url.URLParser.<init>(URLParser.java:42) at
> org.apache.qpid.client.AMQConnectionURL.<init>(AMQConnectionURL.java:63) at
> com.gs.mrg.eval.PLAIN_AuthenticationExample.connectionURLWithoutUserInfo(PLAIN_AuthenticationExample.java:109)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597) at
> org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:44)
> at
> org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:15)
> at
> org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:41)
> at
> org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:20)
> at
> org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:28)
> at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:274) at
> org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70)
> at
> org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:48)
> at org.junit.runners.ParentRunner$3.run(ParentRunner.java:242) at
> org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:58) at
> org.junit.runners.ParentRunner.runChildren(ParentRunner.java:240) at
> org.junit.runners.ParentRunner.access$000(ParentRunner.java:48) at
> org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:233) at
> org.junit.runners.ParentRunner.run(ParentRunner.java:303) at
> org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:49)
> at
> org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
> at
> org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467)
> at
> org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683)
> at
> org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)
> at
> org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)
> Expected results:
> No exception raised, the broker should authenticate the connection request.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
