[
https://issues.apache.org/jira/browse/QPID-8208?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Rudyy updated QPID-8208:
-----------------------------
Description:
There is a weakness in Qpid exception handling when communication with external
services like LDAP. The Broker should take a more defensive approach and handle
unexpected exceptions thrown by underlying third-party API in addition to
exceptions declared in API interfaces. The unexpected exceptions thrown by
underlying API should not affect the stability of the Broker.
It was reported that on establishment of connection with LDAP using default
context factory {{com.sun.jndi.ldap.LdapCtxFactory}} the creation of
{{InitialDirContext}} can end-up in unexpected exception thrown from
{{com.sun.jndi.ldap.LdapClient}}. It looks like a defect in
{{com.sun.jndi.ldap.LdapClient}}, but I could not find any existing open bug
report raised against with similar behaviour. I think that Broker should catch
unexpected exception, log it and report authentication failure back to the
client.
was:
There is a weakness in Qpid exception handling when communication with external
services like LDAP. The Broker should take a more defensive approach and handle
unexpected exceptions thrown by underlying third-party API in addition to
exceptions declared in API interfaces. The unexpected exceptions thrown by
underlying API should not affect the stability of the Broker.
It was reported that on establishment of connection with LDAP using default
context factory {{com.sun.jndi.ldap.LdapCtxFactory}} the creation of can
end-up in unexpected exception thrown from {{com.sun.jndi.ldap.LdapClient}}.
Thought, it looks like a defect in {{LdapClient}}, the unexpected exceptions
should be handled appropriately. The exception should be logged and the
authentication failure error should be returned back to the client.
> [Broker-J] Improve handling of unexpected exceptions on establishing LDAP
> connections in SimpleLDAPAuthenticationProvider
> --------------------------------------------------------------------------------------------------------------------------
>
> Key: QPID-8208
> URL: https://issues.apache.org/jira/browse/QPID-8208
> Project: Qpid
> Issue Type: Improvement
> Components: Broker-J
> Affects Versions: qpid-java-6.1.6, qpid-java-broker-7.0.3,
> qpid-java-broker-7.0.2, 0.32, qpid-java-6.0, qpid-java-6.0.1,
> qpid-java-6.0.2, qpid-java-6.0.3, qpid-java-6.0.4, qpid-java-6.0.5,
> qpid-java-6.1, qpid-java-6.0.6, qpid-java-6.1.1, qpid-java-6.1.2,
> qpid-java-6.0.7, qpid-java-6.1.3, qpid-java-6.0.8, qpid-java-6.1.4,
> qpid-java-broker-7.0.0, qpid-java-6.1.5, qpid-java-broker-7.0.1,
> qpid-java-broker-7.0.4
> Reporter: Alex Rudyy
> Priority: Critical
> Fix For: qpid-java-broker-7.0.6
>
> Attachments: 0001-QPID-8208-Broker-J-Improve-exception-handling.patch
>
>
> There is a weakness in Qpid exception handling when communication with
> external services like LDAP. The Broker should take a more defensive approach
> and handle unexpected exceptions thrown by underlying third-party API in
> addition to exceptions declared in API interfaces. The unexpected exceptions
> thrown by underlying API should not affect the stability of the Broker.
> It was reported that on establishment of connection with LDAP using default
> context factory {{com.sun.jndi.ldap.LdapCtxFactory}} the creation of
> {{InitialDirContext}} can end-up in unexpected exception thrown from
> {{com.sun.jndi.ldap.LdapClient}}. It looks like a defect in
> {{com.sun.jndi.ldap.LdapClient}}, but I could not find any existing open bug
> report raised against with similar behaviour. I think that Broker should
> catch unexpected exception, log it and report authentication failure back to
> the client.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
