[ https://issues.apache.org/jira/browse/ARTEMIS-409?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15306343#comment-15306343 ]

Lionel Cons commented on ARTEMIS-409:
-------------------------------------

In case of authentication failure, Artemis (latest snapshot) currently returns 
an {{ERROR}} frame containing:

{code}
ERROR
content-type:text/plain
message:Failed to connect
content-length:31

The login account is not valid.
{code}

It also logs an {{INFO}} message:

{code}
2016-05-30 09:28:04,065 [org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager] INFO Couldn't validate user: User does exist
{code}

In comparison, ActiveMQ 5 returns the following frame:

{code}
ERROR
content-type:text/plain
message:User name [foo] or password is invalid.

java.lang.SecurityException: User name [foo] or password is invalid.
        at org.apache.activemq.security.JaasAuthenticationBroker.authenticate(JaasAuthenticationBroker.java:89)
        at org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:68)
        [...]
{code}

It also logs a {{WARN}} message:

{code}
2016-05-30 09:28:47,334 [ActiveMQ NIO Worker 4] WARN Service - Security Error occurred on connection to: tcp://192.168.1.2:5577, User name [foo] or password is invalid.
{code}

First of all, an authentication error is an unexpected event so it should IMHO 
trigger a {{WARN}} and not an {{INFO}}.

Then, it is *very* useful to also log the user name as well as the client IP 
address. Both pieces of information are essential to find out the culprit, 
often a misconfigured program.

> Authentication failures in STOMP should be clearly reported
> -----------------------------------------------------------
>
>                 Key: ARTEMIS-409
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-409
>             Project: ActiveMQ Artemis
>          Issue Type: Improvement
>          Components: Stomp
>            Reporter: Lionel Cons
>            Assignee: Justin Bertram
>
> When supplying incorrect credentials to a STOMP connection, Artemis simply 
> returns a generic {{Failed to connect}} ERROR frame.
> To ease identifying the real cause of the failure, a more precise error 
> message should be returned.
> FWIW, here is what ActiveMQ 5.x returns: {{Security Error occurred: User name 
> [dummy] or password is invalid}}.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
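
As an added example, not part of the original comment or of either broker's code, the Python below parses the two log formats quoted in the comment and groups authentication failures by client address and user name, showing that only the ActiveMQ 5 style line can be traced to a source. The two extra sample lines, the function names, and the reading of the tcp:// endpoint as the client address are assumptions.

```python
import re
from collections import Counter

# Constructed sample: the two log lines quoted in the comment (re-joined) plus
# two made-up ActiveMQ 5 style lines so the grouping has something to count.
SAMPLE_LOG = """\
2016-05-30 09:28:04,065 [org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager] INFO Couldn't validate user: User does exist
2016-05-30 09:28:47,334 [ActiveMQ NIO Worker 4] WARN Service - Security Error occurred on connection to: tcp://192.168.1.2:5577, User name [foo] or password is invalid.
2016-05-30 09:28:52,101 [ActiveMQ NIO Worker 2] WARN Service - Security Error occurred on connection to: tcp://192.168.1.2:5581, User name [foo] or password is invalid.
2016-05-30 09:29:10,870 [ActiveMQ NIO Worker 1] WARN Service - Security Error occurred on connection to: tcp://192.168.1.7:40112, User name [bar] or password is invalid.
"""

# timestamp [logger or thread] LEVEL message
LINE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) \[(?P<src>[^\]]+)\] (?P<level>[A-Z]+) +(?P<msg>.*)$")
# Assumption: the tcp:// endpoint in the ActiveMQ 5 message is the client's address.
AMQ5_FAIL = re.compile(r"Security Error occurred on connection to: tcp://(?P<client>[^:/\s]+):\d+, "
                       r"User name \[(?P<user>[^\]]*)\] or password is invalid")
ARTEMIS_FAIL = re.compile(r"Couldn't validate user")

def parse_failures(text):
    """Return one dict per authentication-failure line; unknown fields are None."""
    events = []
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # continuation lines, stack traces, unrelated formats
        amq5 = AMQ5_FAIL.search(line["msg"])
        if amq5:
            events.append({"ts": line["ts"], "level": line["level"],
                           "client": amq5["client"], "user": amq5["user"]})
        elif ARTEMIS_FAIL.search(line["msg"]):
            # The quoted Artemis line carries neither user name nor client address.
            events.append({"ts": line["ts"], "level": line["level"],
                           "client": None, "user": None})
    return events

def summarize(events):
    """Group attributable failures by (client, user); count the rest."""
    by_source = Counter((e["client"], e["user"]) for e in events if e["client"])
    return {
        "by_source": by_source,
        "unattributed": sum(1 for e in events if e["client"] is None),
        # Failures a WARN-and-above log filter would never surface.
        "below_warn": sum(1 for e in events if e["level"] not in ("WARN", "ERROR")),
    }

if __name__ == "__main__":
    print(summarize(parse_failures(SAMPLE_LOG)))
```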
