[jira] [Resolved] (ARTEMIS-1396) Log unableToValidateUser message on authentication failure from SASL PLAIN on AMQP

Wed, 10 Apr 2024 21:48:58 -0700 


     [ 
https://issues.apache.org/jira/browse/ARTEMIS-1396?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Justin Bertram resolved ARTEMIS-1396.
-------------------------------------
    Resolution: Invalid

Seems like the log message is fine now.

> Log unableToValidateUser message on authentication failure from SASL PLAIN on 
> AMQP
> ----------------------------------------------------------------------------------
>
>                 Key: ARTEMIS-1396
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-1396
>             Project: ActiveMQ Artemis
>          Issue Type: New Feature
>          Components: AMQP, Broker
>    Affects Versions: 2.4.0
>            Reporter: Jiri Daněk
>            Priority: Trivial
>
> Consider test 
> {{org.apache.activemq.artemis.tests.integration.amqp.AmqpSecurityTest#testSaslAuthWithInvalidCredentials}}.
>  It shows that broker does not print human-friendly error message.
> If I increase logging level with 
> {{Logger.getLogger("").setLevel(Level.DEBUG);}}, I get a DEBUG message which 
> is a raw exception that describes the problem. It looks like {{[Thread-1 
> (activemq-netty-threads)] 21:31:48,458 DEBUG 
> [org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager] 
> Couldn't validate user: javax.security.auth.login.FailedLoginException: 
> Password does not match}}.
> There seems to be some infrastructure already for producing human-readable 
> message, though, looking at {{throw 
> ActiveMQMessageBundle.BUNDLE.unableToValidateUser(connection.getRemoteAddress(),
>  user, certSubjectDN);}} in 
> https://github.com/apache/activemq-artemis/blob/74db627b83fd6cea791e0b14d74dde1eaac982c3/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java#L152.
> There is slight problem with that. The {{PlainSASL}} class calls 
> SecurityStoreImpl#authenticate() with {{connection = null}}, which means that 
> in case of auth failure the exception returned is not the message from 
> bundle, but a null pointer exception due to dereferencing a null connection.
> I guess that there is opportunity to polish and unify this across protocols, 
> maybe.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to