[jira] [Updated] (AMQ-8369) Client receive unnecessary stack trace for invalid credentials when ssl enabled

Charlie Chen (Jira) Wed, 01 Sep 2021 11:19:06 -0700


     [ 
https://issues.apache.org/jira/browse/AMQ-8369?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Charlie Chen updated AMQ-8369:
------------------------------
    Summary: Client receive unnecessary stack trace for invalid credentials 
when ssl enabled  (was: Client receive necessary stack trace for invalid 
credentials when ssl enabled)

> Client receive unnecessary stack trace for invalid credentials when ssl 
> enabled
> -------------------------------------------------------------------------------
>
>                 Key: AMQ-8369
>                 URL: https://issues.apache.org/jira/browse/AMQ-8369
>             Project: ActiveMQ
>          Issue Type: Bug
>    Affects Versions: 5.15.15, 5.16.2, 5.16.3
>            Reporter: Charlie Chen
>            Priority: Major
>
> when ssl is enabled, client receive necessary stack trace for invalid 
> credentials. 
> {code:java}
> ## correct username & password
> chenchrl@3c22fbb23e81 ~ % java -jar a-1.5.0-jar-with-dependencies.jar -b 
> "failover:(ssl://b-55a06365-2d7a-4b93-92cd-af428eea0018-1.mq.us-west-2.amazonaws.com:61617,ssl://b-55a06365-2d7a-4b93-92cd-af428eea0018-2.mq.us-west-2.amazonaws.com:61617)"
>  -U admin -P [correct password] -p "foobar" test_queue
> Message sent
> Operation completed in 59ms (excluding connect)
> ## wrong password
> chenchrl@3c22fbb23e81 ~ % java -jar a-1.5.0-jar-with-dependencies.jar -b 
> "failover:(ssl://b-55a06365-2d7a-4b93-92cd-af428eea0018-1.mq.us-west-2.amazonaws.com:61617,ssl://b-55a06365-2d7a-4b93-92cd-af428eea0018-2.mq.us-west-2.amazonaws.com:61617)"
>  -U admin -P fakepass -p "foobar" test_queue
> javax.jms.JMSSecurityException: User name [admin] or password is invalid.
>     at 
> org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:52)
>     at 
> org.apache.activemq.ActiveMQConnection.syncSendPacket(ActiveMQConnection.java:1403)
>     at 
> org.apache.activemq.ActiveMQConnection.ensureConnectionInfoSent(ActiveMQConnection.java:1486)
>     at 
> org.apache.activemq.ActiveMQConnection.createSession(ActiveMQConnection.java:329)
>     at co.nordlander.a.A.connect(A.java:370)
>     at co.nordlander.a.A.run(A.java:181)
>     at co.nordlander.a.A.main(A.java:149)
> Caused by: java.lang.SecurityException: User name [admin] or password is 
> invalid.
>     at 
> org.apache.activemq.security.JaasAuthenticationBroker.authenticate(JaasAuthenticationBroker.java:97)
>     at 
> org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:68)
>     at 
> org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:99)
>     at 
> org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:848)
>     at 
> org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:77)
>     at 
> org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:139)
>     at 
> org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:331)
>     at 
> org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:200)
>     at 
> org.apache.activemq.transport.MutexTransport.onCommand(MutexTransport.java:50)
>     at 
> org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:125)
>     at 
> org.apache.activemq.transport.AbstractInactivityMonitor.onCommand(AbstractInactivityMonitor.java:301)
>     at 
> org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)
>     at 
> org.apache.activemq.transport.tcp.SslTransport.doConsume(SslTransport.java:171)
>     at 
> org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:233)
>     at 
> org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:215)
>     at java.lang.Thread.run(Thread.java:749)
> Caused by: javax.security.auth.login.FailedLoginException: Password does not 
> match
>     at 
> org.apache.activemq.jaas.PropertiesLoginModule.login(PropertiesLoginModule.java:95)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>     at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
>     at 
> javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
>     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
>     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
>     at java.security.AccessController.doPrivileged(Native Method)
>     at 
> javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
>     at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
>     at 
> org.apache.activemq.security.JaasAuthenticationBroker.authenticate(JaasAuthenticationBroker.java:92)
>     ... 15 more
> ## wrong username
> chenchrl@3c22fbb23e81 ~ % java -jar a-1.5.0-jar-with-dependencies.jar -b 
> "failover:(ssl://b-55a06365-2d7a-4b93-92cd-af428eea0018-1.mq.us-west-2.amazonaws.com:61617,ssl://b-55a06365-2d7a-4b93-92cd-af428eea0018-2.mq.us-west-2.amazonaws.com:61617)"
>  -U fakeuser -P fakepass -p "foobar" test_queue
> javax.jms.JMSSecurityException: User name [fakeuser] or password is invalid.
>     at 
> org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:52)
>     at 
> org.apache.activemq.ActiveMQConnection.syncSendPacket(ActiveMQConnection.java:1403)
>     at 
> org.apache.activemq.ActiveMQConnection.ensureConnectionInfoSent(ActiveMQConnection.java:1486)
>     at 
> org.apache.activemq.ActiveMQConnection.createSession(ActiveMQConnection.java:329)
>     at co.nordlander.a.A.connect(A.java:370)
>     at co.nordlander.a.A.run(A.java:181)
>     at co.nordlander.a.A.main(A.java:149)
> Caused by: java.lang.SecurityException: User name [fakeuser] or password is 
> invalid.
>     at 
> org.apache.activemq.security.JaasAuthenticationBroker.authenticate(JaasAuthenticationBroker.java:97)
>     at 
> org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:68)
>     at 
> org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:99)
>     at 
> org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:848)
>     at 
> org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:77)
>     at 
> org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:139)
>     at 
> org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:331)
>     at 
> org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:200)
>     at 
> org.apache.activemq.transport.MutexTransport.onCommand(MutexTransport.java:50)
>     at 
> org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:125)
>     at 
> org.apache.activemq.transport.AbstractInactivityMonitor.onCommand(AbstractInactivityMonitor.java:301)
>     at 
> org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)
>     at 
> org.apache.activemq.transport.tcp.SslTransport.doConsume(SslTransport.java:171)
>     at 
> org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:233)
>     at 
> org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:215)
>     at java.lang.Thread.run(Thread.java:749)
> Caused by: javax.security.auth.login.FailedLoginException: User does exist
>     at 
> org.apache.activemq.jaas.PropertiesLoginModule.login(PropertiesLoginModule.java:92)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>     at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
>     at 
> javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
>     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
>     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
>     at java.security.AccessController.doPrivileged(Native Method)
>     at 
> javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
>     at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
>     at 
> org.apache.activemq.security.JaasAuthenticationBroker.authenticate(JaasAuthenticationBroker.java:92)
>     ... 15 more
> chenchrl@3c22fbb23e81 ~ %
> {code}
> Maybe related to [AMQ-8252] Unnecessary stack trace in case of invalid 
> credentials - ASF JIRA (apache.org)



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (AMQ-8369) Client receive unnecessary stack trace for invalid credentials when ssl enabled

Reply via email to