Alex Rudyy created QPID-7444:
--------------------------------
Summary: [Java Broker] 500 http status code is returned on attempt
to start SASL negotiation using SASL mechanism not supported by authentication
provider
Key: QPID-7444
URL: https://issues.apache.org/jira/browse/QPID-7444
Project: Qpid
Issue Type: Task
Components: Java Broker
Affects Versions: qpid-java-6.0.4, qpid-java-6.0.3, qpid-java-6.0.2,
qpid-java-6.0.1, qpid-java-6.0
Reporter: Alex Rudyy
When an HTTP client attempts to start SASL negotiation using a mechanism which is
unsupported by the authentication provider, a 500 HTTP status code is returned by the
broker, which is used to report a server error.
It seems that the server should return a 403 HTTP status code in this case.
The exception reported in the broker log is below:
{noformat}
2016-09-23 10:29:25,806 INFO [HttpManagement-HTTP-251] (o.a.q.s.m.p.f.ExceptionHandlingFilter) - Exception in servlet '/service/sasl' : javax.security.sasl.SaslException: Unsupported mechanism: CRAM-MD5. Supported mechanisms: [SCRAM-SHA-256]
2016-09-23 10:29:25,813 WARN [HttpManagement-HTTP-251] (o.e.j.s.ServletHandler) - /service/sasl
org.apache.qpid.server.util.ConnectionScopedRuntimeException: javax.security.sasl.SaslException: Unsupported mechanism: CRAM-MD5. Supported mechanisms: [SCRAM-SHA-256]
    at org.apache.qpid.server.management.plugin.servlet.rest.AbstractServlet.doWithSubjectAndActor(AbstractServlet.java:245) ~[qpid-broker-plugins-management-http-6.1.0-SNAPSHOT.jar:6.1.0-SNAPSHOT]
    at org.apache.qpid.server.management.plugin.servlet.rest.AbstractServlet.doPost(AbstractServlet.java:117) ~[qpid-broker-plugins-management-http-6.1.0-SNAPSHOT.jar:6.1.0-SNAPSHOT]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:595) ~[geronimo-servlet_3.0_spec-1.0.jar:1.0]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:668) ~[geronimo-servlet_3.0_spec-1.0.jar:1.0]
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:684) ~[jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1496) ~[jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
    at org.apache.qpid.server.management.plugin.filter.ForbiddingAuthorisationFilter.doFilter(ForbiddingAuthorisationFilter.java:94) ~[qpid-broker-plugins-management-http-6.1.0-SNAPSHOT.jar:6.1.0-SNAPSHOT]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467) ~[jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
    at org.apache.qpid.server.management.plugin.filter.ForbiddingTraceFilter.doFilter(ForbiddingTraceFilter.java:65) ~[qpid-broker-plugins-management-http-6.1.0-SNAPSHOT.jar:6.1.0-SNAPSHOT]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467) ~[jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
    at org.apache.qpid.server.management.plugin.filter.LoggingFilter.doFilter(LoggingFilter.java:70) ~[qpid-broker-plugins-management-http-6.1.0-SNAPSHOT.jar:6.1.0-SNAPSHOT]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467) ~[jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
    at org.eclipse.jetty.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:247) ~[jetty-servlets-8.1.17.v20150415.jar:8.1.17.v20150415]
    at org.eclipse.jetty.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java:210) ~[jetty-servlets-8.1.17.v20150415.jar:8.1.17.v20150415]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467) ~[jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
    at org.apache.qpid.server.management.plugin.filter.ExceptionHandlingFilter.doFilter(ExceptionHandlingFilter.java:56) ~[qpid-broker-plugins-management-http-6.1.0-SNAPSHOT.jar:6.1.0-SNAPSHOT]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467) ~[jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:501) [jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:229) [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415]
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086) [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415]
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:429) [jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193) [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415]
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020) [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415]
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135) [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415]
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415]
    at org.eclipse.jetty.server.Server.handle(Server.java:370) [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415]
    at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494) [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415]
    at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:982) [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415]
    at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1043) [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415]
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865) [jetty-http-8.1.17.v20150415.jar:8.1.17.v20150415]
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240) [jetty-http-8.1.17.v20150415.jar:8.1.17.v20150415]
    at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82) [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415]
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:696) [jetty-io-8.1.17.v20150415.jar:8.1.17.v20150415]
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:53) [jetty-io-8.1.17.v20150415.jar:8.1.17.v20150415]
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608) [jetty-util-8.1.17.v20150415.jar:8.1.17.v20150415]
    at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543) [jetty-util-8.1.17.v20150415.jar:8.1.17.v20150415]
    at java.lang.Thread.run(Thread.java:745) [na:1.8.0_77]
Caused by: javax.security.sasl.SaslException: Unsupported mechanism: CRAM-MD5. Supported mechanisms: [SCRAM-SHA-256]
    at org.apache.qpid.server.security.SubjectCreator.createSaslServer(SubjectCreator.java:102) ~[qpid-broker-core-6.1.0-SNAPSHOT.jar:6.1.0-SNAPSHOT]
    at org.apache.qpid.server.management.plugin.servlet.rest.SaslServlet.doPostWithSubjectAndActor(SaslServlet.java:133) ~[qpid-broker-plugins-management-http-6.1.0-SNAPSHOT.jar:6.1.0-SNAPSHOT]
    at org.apache.qpid.server.management.plugin.servlet.rest.AbstractServlet$2.run(AbstractServlet.java:123) ~[qpid-broker-plugins-management-http-6.1.0-SNAPSHOT.jar:6.1.0-SNAPSHOT]
    at org.apache.qpid.server.management.plugin.servlet.rest.AbstractServlet$2.run(AbstractServlet.java:119) ~[qpid-broker-plugins-management-http-6.1.0-SNAPSHOT.jar:6.1.0-SNAPSHOT]
    at java.security.AccessController.doPrivileged(Native Method) ~[na:1.8.0_77]
    at javax.security.auth.Subject.doAs(Subject.java:422) ~[na:1.8.0_77]
    at org.apache.qpid.server.management.plugin.servlet.rest.AbstractServlet.doWithSubjectAndActor(AbstractServlet.java:220) ~[qpid-broker-plugins-management-http-6.1.0-SNAPSHOT.jar:6.1.0-SNAPSHOT]
    ... 36 common frames omitted
{noformat}
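The status mapping the report asks for, as an added example that is not part of the original message and is not Qpid code: a request for a mechanism the provider does not offer is answered with 403 instead of propagating as an unhandled exception that the container turns into 500. The class `SaslStatusMapping`, the exception type `UnsupportedMechanismException` and the methods `startNegotiation` and `handle` are hypothetical names; only JDK classes are used.

```java
import java.net.HttpURLConnection;
import java.util.Set;
import javax.security.sasl.SaslException;

/** Added illustration; all names here are hypothetical, not the broker's own. */
public class SaslStatusMapping {

    /** Raised only when the requested mechanism is not offered by the provider. */
    static class UnsupportedMechanismException extends SaslException {
        UnsupportedMechanismException(String mech, Set<String> supported) {
            super("Unsupported mechanism: " + mech + ". Supported mechanisms: " + supported);
        }
    }

    /** Stand-in for the authentication provider's mechanism check. */
    static void startNegotiation(String mech, Set<String> supported) throws SaslException {
        // Null check first: Set.of(...).contains(null) would throw NullPointerException.
        if (mech == null || !supported.contains(mech)) {
            throw new UnsupportedMechanismException(mech, supported);
        }
        // A real provider would create the SaslServer and produce a challenge here.
    }

    /** Maps the outcome of starting SASL negotiation to an HTTP status code. */
    static int handle(String mech, Set<String> supported) {
        try {
            startNegotiation(mech, supported);
            return HttpURLConnection.HTTP_OK;
        } catch (UnsupportedMechanismException e) {
            // The client asked for something the provider does not offer:
            // refuse the request (403, as the report proposes) without a WARN stack trace.
            return HttpURLConnection.HTTP_FORBIDDEN;
        } catch (SaslException e) {
            // Any other SASL failure is still treated as a genuine server-side fault.
            return HttpURLConnection.HTTP_INTERNAL_ERROR;
        }
    }

    public static void main(String[] args) {
        // Constructed input matching the log above: provider offers SCRAM-SHA-256 only.
        Set<String> supported = Set.of("SCRAM-SHA-256");
        System.out.println("CRAM-MD5      -> " + handle("CRAM-MD5", supported));
        System.out.println("SCRAM-SHA-256 -> " + handle("SCRAM-SHA-256", supported));
        System.out.println("(no mechanism) -> " + handle(null, supported));
    }
}
```

Separating the unsupported-mechanism case from other `SaslException` causes keeps 500 responses and stack traces in the log meaningful as indicators of real broker faults.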