Charlie Chen created AMQ-8369:
---------------------------------
Summary: Client receive necessary stack trace for invalid
credentials when ssl enabled
Key: AMQ-8369
URL: https://issues.apache.org/jira/browse/AMQ-8369
Project: ActiveMQ
Issue Type: Bug
Affects Versions: 5.16.3, 5.16.2, 5.15.15
Reporter: Charlie Chen
when ssl is enabled, client receive necessary stack trace for invalid
credentials.
{code:java}
## correct username & password
chenchrl@3c22fbb23e81 ~ % java -jar a-1.5.0-jar-with-dependencies.jar -b
"failover:(ssl://b-55a06365-2d7a-4b93-92cd-af428eea0018-1.mq.us-west-2.amazonaws.com:61617,ssl://b-55a06365-2d7a-4b93-92cd-af428eea0018-2.mq.us-west-2.amazonaws.com:61617)"
-U admin -P [correct password] -p "foobar" test_queue
Message sent
Operation completed in 59ms (excluding connect)
## wrong password
chenchrl@3c22fbb23e81 ~ % java -jar a-1.5.0-jar-with-dependencies.jar -b
"failover:(ssl://b-55a06365-2d7a-4b93-92cd-af428eea0018-1.mq.us-west-2.amazonaws.com:61617,ssl://b-55a06365-2d7a-4b93-92cd-af428eea0018-2.mq.us-west-2.amazonaws.com:61617)"
-U admin -P fakepass -p "foobar" test_queue
javax.jms.JMSSecurityException: User name [admin] or password is invalid.
at
org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:52)
at
org.apache.activemq.ActiveMQConnection.syncSendPacket(ActiveMQConnection.java:1403)
at
org.apache.activemq.ActiveMQConnection.ensureConnectionInfoSent(ActiveMQConnection.java:1486)
at
org.apache.activemq.ActiveMQConnection.createSession(ActiveMQConnection.java:329)
at co.nordlander.a.A.connect(A.java:370)
at co.nordlander.a.A.run(A.java:181)
at co.nordlander.a.A.main(A.java:149)
Caused by: java.lang.SecurityException: User name [admin] or password is
invalid.
at
org.apache.activemq.security.JaasAuthenticationBroker.authenticate(JaasAuthenticationBroker.java:97)
at
org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:68)
at
org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:99)
at
org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:848)
at
org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:77)
at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:139)
at
org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:331)
at
org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:200)
at
org.apache.activemq.transport.MutexTransport.onCommand(MutexTransport.java:50)
at
org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:125)
at
org.apache.activemq.transport.AbstractInactivityMonitor.onCommand(AbstractInactivityMonitor.java:301)
at
org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)
at
org.apache.activemq.transport.tcp.SslTransport.doConsume(SslTransport.java:171)
at
org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:233)
at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:215)
at java.lang.Thread.run(Thread.java:749)
Caused by: javax.security.auth.login.FailedLoginException: Password does not
match
at
org.apache.activemq.jaas.PropertiesLoginModule.login(PropertiesLoginModule.java:95)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
at
org.apache.activemq.security.JaasAuthenticationBroker.authenticate(JaasAuthenticationBroker.java:92)
... 15 more
## wrong username
chenchrl@3c22fbb23e81 ~ % java -jar a-1.5.0-jar-with-dependencies.jar -b
"failover:(ssl://b-55a06365-2d7a-4b93-92cd-af428eea0018-1.mq.us-west-2.amazonaws.com:61617,ssl://b-55a06365-2d7a-4b93-92cd-af428eea0018-2.mq.us-west-2.amazonaws.com:61617)"
-U fakeuser -P fakepass -p "foobar" test_queue
javax.jms.JMSSecurityException: User name [fakeuser] or password is invalid.
at
org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:52)
at
org.apache.activemq.ActiveMQConnection.syncSendPacket(ActiveMQConnection.java:1403)
at
org.apache.activemq.ActiveMQConnection.ensureConnectionInfoSent(ActiveMQConnection.java:1486)
at
org.apache.activemq.ActiveMQConnection.createSession(ActiveMQConnection.java:329)
at co.nordlander.a.A.connect(A.java:370)
at co.nordlander.a.A.run(A.java:181)
at co.nordlander.a.A.main(A.java:149)
Caused by: java.lang.SecurityException: User name [fakeuser] or password is
invalid.
at
org.apache.activemq.security.JaasAuthenticationBroker.authenticate(JaasAuthenticationBroker.java:97)
at
org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:68)
at
org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:99)
at
org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:848)
at
org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:77)
at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:139)
at
org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:331)
at
org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:200)
at
org.apache.activemq.transport.MutexTransport.onCommand(MutexTransport.java:50)
at
org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:125)
at
org.apache.activemq.transport.AbstractInactivityMonitor.onCommand(AbstractInactivityMonitor.java:301)
at
org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)
at
org.apache.activemq.transport.tcp.SslTransport.doConsume(SslTransport.java:171)
at
org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:233)
at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:215)
at java.lang.Thread.run(Thread.java:749)
Caused by: javax.security.auth.login.FailedLoginException: User does exist
at
org.apache.activemq.jaas.PropertiesLoginModule.login(PropertiesLoginModule.java:92)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
at
org.apache.activemq.security.JaasAuthenticationBroker.authenticate(JaasAuthenticationBroker.java:92)
... 15 more
chenchrl@3c22fbb23e81 ~ %
{code}
Maybe related to [AMQ-8252] Unnecessary stack trace in case of invalid
credentials - ASF JIRA (apache.org)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
