Jiri Danek created ARTEMIS-1396:
-----------------------------------
Summary: Log unableToValidateUser message on authentication
failure from SASL PLAIN on AMQP
Key: ARTEMIS-1396
URL: https://issues.apache.org/jira/browse/ARTEMIS-1396
Project: ActiveMQ Artemis
Issue Type: New Feature
Components: AMQP, Broker
Affects Versions: 2.4.0
Reporter: Jiri Danek
Priority: Trivial
Consider the test
{{org.apache.activemq.artemis.tests.integration.amqp.AmqpSecurityTest#testSaslAuthWithInvalidCredentials}}.
It shows that the broker does not print a human-friendly error message.
If I increase the logging level with
{{Logger.getLogger("").setLevel(Level.DEBUG);}}, I get a DEBUG message which is
a raw exception that describes the problem. It looks like {{[Thread-1
(activemq-netty-threads)] 21:31:48,458 DEBUG
[org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager]
Couldn't validate user: javax.security.auth.login.FailedLoginException:
Password does not match}}.
There seems to be some infrastructure already for producing a human-readable
message, though, looking at {{throw
ActiveMQMessageBundle.BUNDLE.unableToValidateUser(connection.getRemoteAddress(),
user, certSubjectDN);}} in
https://github.com/apache/activemq-artemis/blob/74db627b83fd6cea791e0b14d74dde1eaac982c3/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java#L152.
There is a slight problem with that. The {{PlainSASL}} class calls
SecurityStoreImpl#authenticate() with {{connection = null}}, which means that
in case of auth failure the exception returned is not the message from the bundle,
but a null pointer exception due to dereferencing a null connection.
I guess that there is an opportunity to polish and unify this across protocols,
maybe.
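The failure mode described in the report, as an added example that is not Artemis code and not part of the original issue: a failure path that dereferences a null connection replaces the authentication error with a NullPointerException, while a null-tolerant path keeps the readable message. The class, the `Connection` interface, the method names and the message text are hypothetical stand-ins.

```java
import javax.security.auth.login.FailedLoginException;

public class AuthFailureLogging {
    // Hypothetical stand-in for the broker's connection object.
    interface Connection { String getRemoteAddress(); }

    // Stand-in for the JAAS check; always rejects, as in the failing test.
    static void validate(String user, String password) throws FailedLoginException {
        throw new FailedLoginException("Password does not match");
    }

    // Pattern from the report: the failure path dereferences the connection,
    // so a null connection turns the auth failure into a NullPointerException.
    static String authenticateUnsafe(String user, String password, Connection connection) {
        try {
            validate(user, password);
            return user;
        } catch (FailedLoginException e) {
            throw new SecurityException("Unable to validate user from "
                    + connection.getRemoteAddress() + ". Username: " + user, e);
        }
    }

    // Null-tolerant variant: the readable message survives, the cause is kept,
    // and the password is never placed in the message.
    static String authenticateSafe(String user, String password, Connection connection) {
        try {
            validate(user, password);
            return user;
        } catch (FailedLoginException e) {
            String remote = (connection == null) ? "unknown" : connection.getRemoteAddress();
            throw new SecurityException("Unable to validate user from "
                    + remote + ". Username: " + user, e);
        }
    }

    public static void main(String[] args) {
        try {
            authenticateUnsafe("guest", "wrong", null); // constructed credentials
        } catch (RuntimeException e) {
            System.out.println("unsafe: " + e.getClass().getSimpleName());
        }
        try {
            authenticateSafe("guest", "wrong", null);
        } catch (RuntimeException e) {
            System.out.println("safe:   " + e.getMessage() + " (cause: " + e.getCause().getMessage() + ")");
        }
    }
}
```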