  1. AMQ Broker
  2. ENTMQBR-151

GuestLoginModule does not behave according to documentation


    • Type: Bug
    • Resolution: Won't Do
    • Priority: Major
    • A-MQ 7.0.0.ER6
    • Documentation (Ref Guide, User Guide, etc.), Compatibility/Configuration, User Experience

      1) Configure JAAS login.config as in example

      activemq-guest-when-no-creds-only-domain {
          org.apache.activemq.artemis.spi.core.security.jaas.GuestLoginModule sufficient
              debug=true
              credentialsInvalidate=true
              org.apache.activemq.jaas.guest.user="guest"
              org.apache.activemq.jaas.guest.role="guests";
      
          org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule requisite
              debug=true
              org.apache.activemq.jaas.properties.user="artemis-users.properties"
              org.apache.activemq.jaas.properties.role="artemis-roles.properties";
      };
       

      2) Start the broker
      3) Send a message with provided username
      4) Send a message with provided password only
      5) Send a message without provided username/password


      According to the GuestLoginModule part of the security doc, and using the second example, which has GuestLoginModule defined before PropertiesLoginModule, it is not clear which users GuestLoginModule should allow in.

      There are 3 different scenarios which could apply for GuestLoginModule if I understand correctly:
      1) Provide no credentials at all. Message should be successfully sent. Works as expected

      [0,root@mt_r6x0 clients]$ ./aac1_sender.java.sh --broker-uri amqp://<broker-ip>:5672 --address "jms.queue.test_plain_username_missing_password_right" --count 1 --log-msgs dict
      15:57:37,682 DEBUG Connection=amqp://<broker-ip>:5672
      {'redelivered': False, 'reply_to': None, 'id': ':1c196498-00c6-42bc-98c5-f990d41ea0ba:1:1:1-1', 'user_id':None, 'correlation_id': None, 'priority': 4, 'durable': True, 'ttl': 0, 'type': None, 'expiration': 0, 'timestamp': 1464271058653, 'destination': 'jms.queue.test_plain_username_missing_password_right', 'properties': {'JMSXDeliveryCount': 1}, 'content': None}
      

      2) Provide only username. Message should (?!) be received by the broker; this is unclear to me from the sentence "User logs in with a blank password — the guest login module successfully authenticates the user and returns immediately. The properties login module is not invoked."
      Message is successfully sent.

      [0,root@mt_r6x0 clients]$ ./aac1_sender.java.sh --broker-uri amqp://<broker-ip>:5672?jms.username=tckuser --address "jms.queue.test_plain_username_missing_password_right" --count 1 --log-msgs dict
      15:56:24,297 DEBUG Connection=amqp://<broker-ip>:5672?jms.username=tckuser
      {'redelivered': False, 'reply_to': None, 'id': ':ee64581e-25ee-493e-9ab1-9980d2cdcb0f:1:1:1-1', 'user_id':None, 'correlation_id': None, 'priority': 4, 'durable': True, 'ttl': 0, 'type': None, 'expiration': 0, 'timestamp': 1464270985984, 'destination': 'jms.queue.test_plain_username_missing_password_right', 'properties': {'JMSXDeliveryCount': 1}, 'content': None}
      

      3) Provide only password. Message should not be received (imo). Message is successfully sent. NOK

      [0,root@mt_r6x0 clients]$ ./aac1_sender.java.sh --broker-uri amqp://<broker-ip>:5672?jms.password=tckuser --address "jms.queue.test_plain_username_missing_password_right" --count 1 --log-msgs dict
      15:40:15,307 DEBUG Connection=amqp://<broker-ip>:5672?jms.password=tckuser
      {'redelivered': False, 'reply_to': None, 'id': ':2bb63610-7c2c-4622-9dd5-bb83d3c23c83:1:1:1-1', 'user_id':None, 'correlation_id': None, 'priority': 4, 'durable': True, 'ttl': 0, 'type': None, 'expiration': 0, 'timestamp': 1464270016190, 'destination': 'jms.queue.test_plain_username_missing_password_right', 'properties': {'JMSXDeliveryCount': 1}, 'content': None}
      

            rhn-support-jbertram Justin Bertram
            mtoth@redhat.com Michal Toth
            Michal Toth Michal Toth
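
An added illustration (not code from the issue or from the broker) of how standard JAAS evaluates a `sufficient` module followed by a `requisite` one, as in the login.config above, for the credential combinations in the report plus one valid username/password pair. `GuestChainDemo`, `Stub`, the `kind` option and the `tckuser`/`secret` credentials are constructed stand-ins, and the guest stub assumes that any supplied password makes the guest module fail.

```java
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;
public class GuestChainDemo {
    /** Hypothetical stand-in for both modules; the "kind" option selects the behaviour. */
    public static class Stub implements LoginModule {
        private CallbackHandler handler; private Object kind;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
            handler = h; kind = opts.get("kind");
        }
        public boolean login() throws LoginException {
            NameCallback name = new NameCallback("user: ");
            PasswordCallback pw = new PasswordCallback("password: ", false);
            try { handler.handle(new Callback[] {name, pw}); }
            catch (Exception e) { throw new LoginException(e.toString()); }
            char[] p = pw.getPassword();
            boolean ok = "guest".equals(kind) ? p == null  // assumption: any supplied password fails guest
                : "tckuser".equals(name.getName()) && p != null && "secret".equals(new String(p)); // constructed
            if (!ok) throw new FailedLoginException(kind + " stub rejected the login");
            return true;
        }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }
    static boolean attempt(String user, String pass) {  // one login: guest (sufficient), then properties (requisite)
        AppConfigurationEntry[] chain = {
            new AppConfigurationEntry(Stub.class.getName(), LoginModuleControlFlag.SUFFICIENT, Map.of("kind", "guest")),
            new AppConfigurationEntry(Stub.class.getName(), LoginModuleControlFlag.REQUISITE, Map.of("kind", "properties")) };
        Configuration cfg = new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String domain) { return chain; }
        };
        CallbackHandler ch = callbacks -> {
            for (Callback c : callbacks) {
                if (c instanceof NameCallback && user != null) ((NameCallback) c).setName(user);
                if (c instanceof PasswordCallback && pass != null) ((PasswordCallback) c).setPassword(pass.toCharArray());
            }
        };
        try { new LoginContext("demo", null, ch, cfg).login(); return true; }
        catch (LoginException e) { return false; }
    }
    public static void main(String[] args) {
        for (String[] c : new String[][] {{null, null}, {"tckuser", null}, {null, "tckuser"}, {"tckuser", "secret"}})
            System.out.println("user=" + c[0] + " password=" + c[1] + " -> " + attempt(c[0], c[1]));
    }
}
```

Under these assumptions only the password-only attempt is rejected, which is the outcome the report expected for scenario 3.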