-
Bug
-
Resolution: Done
-
Major
-
A-MQ 7.0.0.ER6
-
None
-
None
Qpid JMS client is unable to authenticate with broker when credentials are passed to the client and only JAAS GuestLoginModule is in use. Please see following two scenarios.
== With username/pass
[0,root@mt_r6i0 clients]$ ./aac1_sender.java.sh --log-msgs dict --broker 10.34.75.242:5672 --address "'jms.queue.test_default_username_right_password_right2'" --conn-username tckuser --conn-password tckuser --count 1 12:52:41,245 DEBUG Connection=amqp://10.34.75.242:5672?jms.username=tckuser&jms.password=tckuser 12:52:41,938 INFO Best match for SASL auth was: SASL-PLAIN 12:52:42,014 ERROR Error while creating session! Client failed to authenticate javax.jms.JMSSecurityException: Client failed to authenticate at org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.handleSaslFail(AmqpSaslAuthenticator.java:151) at org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.authenticate(AmqpSaslAuthenticator.java:93) at org.apache.qpid.jms.provider.amqp.AmqpProvider.processSaslAuthentication(AmqpProvider.java:827)12:52:42,015 ERROR ExceptionListener error detected! Client failed to authenticate null at org.apache.qpid.jms.provider.amqp.AmqpProvider.processUpdates(AmqpProvider.java:814) at org.apache.qpid.jms.provider.amqp.AmqpProvider.access$1900(AmqpProvider.java:92) at org.apache.qpid.jms.provider.amqp.AmqpProvider$17.run(AmqpProvider.java:701) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) javax.jms.JMSSecurityException: Client failed to authenticate at org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.handleSaslFail(AmqpSaslAuthenticator.java:151) at org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.authenticate(AmqpSaslAuthenticator.java:93) at org.apache.qpid.jms.provider.amqp.AmqpProvider.processSaslAuthentication(AmqpProvider.java:827) at org.apache.qpid.jms.provider.amqp.AmqpProvider.processUpdates(AmqpProvider.java:814) at org.apache.qpid.jms.provider.amqp.AmqpProvider.access$1900(AmqpProvider.java:92) at org.apache.qpid.jms.provider.amqp.AmqpProvider$17.run(AmqpProvider.java:701) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745)
>>> Shouldn't broker "reject/throw away" provided credentials and consider conncted client with guest credentials insted of trying to communicate SASL?
== Without username
[1,root@mt_r6i0 clients]$ ./aac1_sender.java.sh --log-msgs dict --broker 10.34.75.242:5672 --address "'jms.queue.test_default_username_right_password_right2'" --count 1 12:53:01,332 DEBUG Connection=amqp://10.34.75.242:5672 12:53:02,077 DEBUG Skipping SASL-PLAIN mechanism because the available credentials are not sufficient 12:53:02,077 INFO Best match for SASL auth was: SASL-ANONYMOUS [8593207:0] -> Open{ containerId='ID::4f696ae2-c650-4815-a6b5-41747b33e8b9:1', hostname='10.34.75.242', maxFrameSize=1048576, channelMax=32767, idleTimeOut=30000, outgoingLocales=null, incomingLocales=null, offeredCapabilities=null, desiredCapabilities=[sole-connection-for-container], properties={product=QpidJMS, version=0.8.0.redhat-1, platform=JVM: 1.8.0_91, 25.91-b14, Oracle Corporation, OS: Linux, 2.6.32-573.18.1.el6.i686, i386}} [8593207:0] <- Open{ containerId='', hostname='', maxFrameSize=4294967295, channelMax=65535, idleTimeOut=30000, outgoingLocales=null, incomingLocales=null, offeredCapabilities=null, desiredCapabilities=null, properties=null} [8593207:0] -> Begin{remoteChannel=null, nextOutgoingId=1, incomingWindow=2047, outgoingWindow=2147483647, handleMax=65535, offeredCapabilities=null, desiredCapabilities=null, properties=null} [8593207:0] <- Begin{remoteChannel=0, nextOutgoingId=1, incomingWindow=2147483647, outgoingWindow=2147483647, handleMax=65535, offeredCapabilities=null, desiredCapabilities=null, properties=null} 12:53:02,312 DEBUG AmqpConnection { ID::6d4d2a27-b016-43f0-bf16-90b78a732f46:1 } is now open: 12:53:02,313 INFO Connection ID::6d4d2a27-b016-43f0-bf16-90b78a732f46:1 connected to remote Broker: amqp://10.34.75.242:5672 [8593207:1] -> Begin{remoteChannel=null, nextOutgoingId=1, incomingWindow=2047, outgoingWindow=2147483647, handleMax=65535, offeredCapabilities=null, desiredCapabilities=null, properties=null} [8593207:1] <- Begin{remoteChannel=1, nextOutgoingId=1, incomingWindow=2147483647, outgoingWindow=2147483647, handleMax=65535, offeredCapabilities=null, desiredCapabilities=null, properties=null} 12:53:02,339 DEBUG Creating AmqpFixedProducer for: jms.queue.test_default_username_right_password_right2 [8593207:1] -> Attach{name='qpid-jms:sender:ID::6d4d2a27-b016-43f0-bf16-90b78a732f46:1:1:1:jms.queue.test_default_username_right_password_right2', handle=0, role=SENDER, sndSettleMode=UNSETTLED, rcvSettleMode=FIRST, source=Source{address='ID::6d4d2a27-b016-43f0-bf16-90b78a732f46:1:1:1', durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false, dynamicNodeProperties=null, distributionMode=null, filter=null, defaultOutcome=null, outcomes=[amqp:accepted:list, amqp:rejected:list], capabilities=null}, target=Target{address='jms.queue.test_default_username_right_password_right2', durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false, dynamicNodeProperties=null, capabilities=[queue]}, unsettled=null, incompleteUnsettled=false, initialDeliveryCount=0, maxMessageSize=null, offeredCapabilities=null, desiredCapabilities=null, properties=null} [8593207:1] <- Attach{name='qpid-jms:sender:ID::6d4d2a27-b016-43f0-bf16-90b78a732f46:1:1:1:jms.queue.test_default_username_right_password_right2', handle=0, role=RECEIVER, sndSettleMode=MIXED, rcvSettleMode=FIRST, source=Source{address='ID::6d4d2a27-b016-43f0-bf16-90b78a732f46:1:1:1', durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false, dynamicNodeProperties=null, distributionMode=null, filter=null, defaultOutcome=null, outcomes=[amqp:accepted:list, amqp:rejected:list], capabilities=null}, target=Target{address='jms.queue.test_default_username_right_password_right2', durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false, dynamicNodeProperties=null, capabilities=[queue]}, unsettled=null, incompleteUnsettled=false, initialDeliveryCount=null, maxMessageSize=null, offeredCapabilities=null, desiredCapabilities=null, properties=null} [8593207:1] <- Flow{nextIncomingId=1, incomingWindow=2147483647, nextOutgoingId=1, outgoingWindow=2147483647, handle=0, deliveryCount=0, linkCredit=200, available=null, drain=false, echo=false, properties=null} [8593207:1] -> Transfer{handle=0, deliveryId=0, deliveryTag=0, messageFormat=0, settled=null, more=false, rcvSettleMode=null, state=null, resume=false, aborted=false, batchable=false} (180) "\x00Sp\xc0\x02\x01A\x00Sr\xc1)\x04\xa3\x0ex-opt-jms-destQ\x00\xa3\x12x-opt-jms-msg-typeQ\x00\x00Ss\xc0z\x0a\xa10ID::6d4d2a27-b016-43f0-bf16-90b78a732f46:1:1:1-1@\xa15jms.queue.test_default_username_right_password_right2@@@@@@\x83\x00\x00\x01T\xe2e|4" [8593207:1] <- Disposition{role=RECEIVER, first=0, last=0, settled=true, state=Accepted{}, batchable=false} {'redelivered': False, 'reply_to': None, 'id': ':6d4d2a27-b016-43f0-bf16-90b78a732f46:1:1:1-1', 'user_id':None, 'correlation_id': None, 'priority': 4, 'durable': True, 'ttl': 0, 'type': None, 'expiration': 0, 'timestamp': 1464087182388, 'destination': 'jms.queue.test_default_username_right_password_right2', 'properties': {'JMSXDeliveryCount': 1}, 'content': None} [8593207:1] -> End{error=null} [8593207:1] <- End{error=null} 12:53:02,568 DEBUG AmqpSession { ID::6d4d2a27-b016-43f0-bf16-90b78a732f46:1:1 } is now closed: [8593207:0] -> Close{error=null} [8593207:0] <- Close{error=null} 12:53:02,572 DEBUG AmqpConnection { ID::6d4d2a27-b016-43f0-bf16-90b78a732f46:1 } is now closed: 12:53:02,575 DEBUG Shutdown of ExecutorService: java.util.concurrent.ThreadPoolExecutor@95d394[Terminated, pool size = 0, active threads = 0, queued tasks = 0, completed tasks = 0] is shutdown: true and terminated: true took: 0.001 seconds.
== Cpp,Python client works well in both scenarios ==
- relates to
-
ENTMQBR-151 GuestLoginModule behaves not according documentation
- Closed
-
ENTMQBR-209 When used incorrect user/role settings in JAAS (GuestLoginModule), python client is unable to close connection
- Closed