Hi Fraser, sorry for later response, I was in a rush at work. Yes my patch talks about internal variables "username" and "password".
Your suggestion makes sense - could you please attach it as a comment to the JIRA? Thanks, Pavel ----- Original Message ----- > From: "Fraser Adams" <[email protected]> > To: [email protected] > Sent: Friday, January 25, 2013 1:15:07 PM > Subject: Re: Could somebody *please* explain Java Connection URLs...:-) > > Hi Pavel, > Thanks so much for the reply! > So I'm thinking that this has always been the case with Java (despite > the Jira referring to 0.18)? I'm thinking this is why I always ended > up > using guest:guest@ URLs when I started out, but it was a long time > ago :-) > > > You mention in the Jira comments at one point about: > > "New version of patch. It again sets username to "anonymous" and > password to "" (only when the credentials are missing)" > > As I mentioned in my ramble below I actually tried *explicitly* > doing: > > amqp://anonymous:""@clientid/test?brokerlist='tcp://localhost:5672' > > > in one of my tests, but that resulted in: > > connectionfactory.ConnectionFactory=amqp://anonymous:""@clientid/test?brokerlist='tcp://localhost:5672', > destination.publishedAddress=amq.match} > main 2013-01-25 11:48:53,809 WARN > [apache.qpid.jndi.PropertiesFileInitialContextFactory] Unable to > createFactories:Illegal character in authority between indicies 7 and > 1 > amqp://anonymous:""@clientid/test?brokerlist='tcp://localhost:5672' > ^ > createJMSSession() connectionFactory lookup failed, retrying > > > > So I'm guessing that what you are talking about is "under the hood" > and > bypasses that particular test?? I personally think that this bug > notice > should be extended to cover implicit *and* explicit settings of > anonymous - what d'you reckon? > > > > The reason that I'm particularly interested in this issue now is that > Bruno Matos noticed an issue with my recent Qpid GUI (well really in > the > back-end REST Server). He was running with a broker set to the > default > --auth yes and got the exception: > > INFO org.apache.qpid.client.AMQConnection - Not a hard-error > connection > not closing: org.apache.qpid.AMQException: ch=1 id=7 > ExecutionException(errorCode=UNAUTHORIZED_ACCESS, commandId=14, > classCode=0, commandCode=0, fieldIndex=0, > description=unauthorized-access: authorised user id : anonymous@QPID > but > user id in message declared as guest > (qpid/broker/SemanticState.cpp:484), errorInfo={}) [error code 403: > access refused] > > > So my reckoning was that issue was down to my ConnectionHelper class > constructing a ConnectionURL of the form > "amqp://guest:guest@clientid........" when no user/passwd is > specified > (which would be the case for a default URL created if no "-a" option > had > been specified). > > I was planning on looking into that (defaulting it to anonymous > rather > than guest), hence my investigations, but it's looking like the > underlying issue is deeper than my code. I guess that even when your > patch makes it into the code base I'm going to have to be careful > 'cause > any patch will only work for up-to-date versions on the client > runtime. > > > Do you have any thoughts for a way 'round this or is Bruno (and > others) > just going to have to add guest as well as anonymous (or use proper > usernames/passwds) if they run with --auth yes > > Cheers (thanks for restoring my sanity :-)) > > Sorry Bruno - not sure there's much I can do to sort that particular > issue that you'd seen unless Pavel has any good ideas here (though as > I > said previously you should be able to specify your own default > connection using the -a option in QpidRestAPI so that the GUI will > use > that as the default - rather than having to add a new connection on > the GUI) > Frase > > > > > On 25/01/13 10:41, Pavel Moravec wrote: > > Hi Fraser, > > there is a bug in Java client disallowing no credentials option, > > see https://issues.apache.org/jira/browse/QPID-3396. > > > > Kind regards, > > Pavel > > > > > > ----- Original Message ----- > >> From: "Fraser Adams" <[email protected]> > >> To: [email protected] > >> Sent: Friday, January 25, 2013 11:07:29 AM > >> Subject: Could somebody *please* explain Java Connection > >> URLs...:-) > >> > >> It's a little embarrassing 'cause I've kind of been using these > >> for a > >> couple of years, but as they are ever so slightly obtuse :-> I've > >> generally been lazy/pragmatic and did copy'n'paste of things that > >> have > >> worked. > >> > >> > >> Because of the various URL differences (the ones used by the > >> python > >> tools, the qpid::messaging amqp URL and the Java ConnectionURL I > >> also > >> wrote a ConnectionHelper class to allow me to specify URLs in any > >> format). This class basically creates a Java ConnectionURL with > >> sensible > >> values filled in when I specify one of the shorter (AKA more > >> convenient!!) formats. > >> > >> I'm generally OK on the brokerList sub URLs and the options I put > >> in > >> there seem to be fine..... > >> > >> However I've just been bitten. 'Cause I've been a bit lazy and > >> mostly > >> tested and tinkered with qpidd --auth no or actually used a proper > >> user/password I ended up having defaults of guest:guest in > >> ConnectionHelper. This hasn't hitherto been an issue for me but > >> standing > >> up a vanilla qpidd with auth yes the unsecured authentication > >> username > >> is anonymous *not* guest..... > >> > >> > >> > >> The documentation > >> http://qpid.apache.org/books/0.20/Programming-In-Apache-Qpid/html/QpidJNDI.html#id2553965 > >> says: > >> > >> amqp://[<user>:<pass>@][<clientid>]<virtualhost>[?<option>='<value>'[&<option>='<value>']] > >> > >> But I'm not convinced that's accurate. I've been hacking around > >> with > >> a > >> few ConnectionURLs in a JNDI file and > >> > >> # simple URL with user = guest > >> #connectionfactory.ConnectionFactory = > >> amqp://guest:guest@clientid/test?brokerlist='tcp://localhost:5672' > >> > >> # Omitting the clientid bit seems to work OK > >> #connectionfactory.ConnectionFactory = > >> amqp://guest:guest@/test?brokerlist='tcp://localhost:5672' > >> > >> # Omitting the virtualhost bit seems to work too, but the slash is > >> important e.g. /test and / work test does not?? > >> #connectionfactory.ConnectionFactory = > >> amqp://guest:guest@/?brokerlist='tcp://localhost:5672' > >> > >> > >> But I *cannot* get/figure out how to do anonymous from a Java > >> Client > >> to > >> a C++ broker. > >> > >> According to the BNF form in the documentation > >> connectionfactory.ConnectionFactory = > >> amqp://clientid/test?brokerlist='tcp://localhost:5672' > >> > >> *should* work as [<user>:<pass>@] ought to be optional, but that > >> just > >> gives "connectionFactory lookup failed, retrying" with both --auth > >> no > >> and --auth yes > >> > >> Same for > >> > >> connectionfactory.ConnectionFactory = > >> amqp://@clientid/test?brokerlist='tcp://localhost:5672' > >> > >> If I do > >> > >> connectionfactory.ConnectionFactory = > >> amqp://:@clientid/test?brokerlist='tcp://localhost:5672' > >> > >> That actually connects to a broker with --auth no, but barfs with > >> an > >> error "warning Failed to retrieve sasl username" on a broker with > >> --auth yes > >> > >> connectionfactory.ConnectionFactory = > >> amqp://anonymous:@clientid/test?brokerlist='tcp://localhost:5672' > >> Actually connects to a broker with --auth no, but barfs with no > >> error > >> on > >> a broker with --auth yes and a "connectionFactory lookup failed, > >> retrying" > >> > >> When I add info logging I get > >> > >> main 2013-01-25 09:51:26,539 INFO > >> [apache.qpid.client.AMQConnection] > >> Connection:amqp://anonymous:********@clientid/test?brokerlist='tcp://localhost:5672' > >> main 2013-01-25 09:51:26,973 INFO > >> [qpid.client.protocol.AMQProtocolSession] Using ProtocolVersion > >> for > >> Session:0-10 > >> main 2013-01-25 09:51:26,995 INFO > >> [qpid.client.handler.ClientMethodDispatcherImpl] New Method > >> Dispatcher:AMQProtocolSession[null] > >> main 2013-01-25 09:51:27,016 INFO > >> [apache.qpid.client.AMQConnection] > >> Connecting with ProtocolHandler Version:0-10 > >> main 2013-01-25 09:51:27,167 INFO > >> [apache.qpid.client.AMQConnection] > >> Unable to connect to broker at tcp://localhost:5672 > >> org.apache.qpid.AMQException: *Cannot connect to broker: > >> connection-forced: Authentication failed [error code 320: context > >> in > >> use*] > >> at > >> org.apache.qpid.client.AMQConnectionDelegate_0_10.makeBrokerConnection(AMQConnectionDelegate_0_10.java:203) > >> at > >> org.apache.qpid.client.AMQConnection.makeBrokerConnection(AMQConnection.java:609) > >> at org.apache.qpid.client.A............... > >> > >> Logging at DEBUG doesn't give any more useful info. > >> > >> I've tried > >> > >> connectionfactory.ConnectionFactory = > >> amqp://anonymous:anonymous@clientid/test?brokerlist='tcp://localhost:5672' > >> connectionfactory.ConnectionFactory = > >> amqp://anonymous:""@clientid/test?brokerlist='tcp://localhost:5672' > >> connectionfactory.ConnectionFactory = > >> amqp://anonymous:''@clientid/test?brokerlist='tcp://localhost:5672' > >> connectionfactory.ConnectionFactory = amqp://anonymous: > >> @clientid/test?brokerlist='tcp://localhost:5672' > >> > >> > >> and they *all* barf out :-( > >> > >> So could someone please tell me what the magic incantation is on a > >> Java > >> ConnectionURL for connecting with anonymous from a Java Client to > >> a > >> C++ > >> broker. > >> > >> just to confirm too that I've tried qpid-config with no parameters > >> to > >> the same broker with auth on and off and that works fine so it > >> looks > >> like anonymous "authentication" is actually working, just not with > >> Java. > >> > >> I'm still using 0.12 if that makes any difference (hope to hit > >> 0.20 > >> soon > >> but wanted to look at this first) > >> > >> > >> Any ideas?? > >> > >> Cheers, > >> Frase > >> > >> > >> > >> > >> > >> > >> > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
