-
Bug
-
Resolution: Won't Do
-
Major
-
None
-
A-MQ 7.0.0.ER6
-
None
-
None
-
Documentation (Ref Guide, User Guide, etc.), Compatibility/Configuration, User Experience
-
According to security doc part GuestLoginModule and using second example, which has GuestLoginModule defined before PropertiesLoginModule, it is not clear, what users GuestLoginModule should allow in.
There are 3 different scenarios which could apply for GuestLoginModule if I understand correctly:
1) Provide no credentials at all. Message should be successfully sent. Works as expected
[0,root@mt_r6x0 clients]$ ./aac1_sender.java.sh --broker-uri amqp://<broker-ip>:5672 --address "jms.queue.test_plain_username_missing_password_right" --count 1 --log-msgs dict 15:57:37,682 DEBUG Connection=amqp://<broker-ip>:5672 {'redelivered': False, 'reply_to': None, 'id': ':1c196498-00c6-42bc-98c5-f990d41ea0ba:1:1:1-1', 'user_id':None, 'correlation_id': None, 'priority': 4, 'durable': True, 'ttl': 0, 'type': None, 'expiration': 0, 'timestamp': 1464271058653, 'destination': 'jms.queue.test_plain_username_missing_password_right', 'properties': {'JMSXDeliveryCount': 1}, 'content': None}
2) Provide only username. Message should (?!) be received by broker, unclear to me. from sentence User logs in with a blank password — the guest login module successfully authenticates the user and returns immediately. The properties login module is not invoked.
Message is successfully sent.
[0,root@mt_r6x0 clients]$ ./aac1_sender.java.sh --broker-uri amqp://<broker-ip>:5672?jms.username=tckuser --address "jms.queue.test_plain_username_missing_password_right" --count 1 --log-msgs dict 15:56:24,297 DEBUG Connection=amqp://<broker-ip>:5672?jms.username=tckuser {'redelivered': False, 'reply_to': None, 'id': ':ee64581e-25ee-493e-9ab1-9980d2cdcb0f:1:1:1-1', 'user_id':None, 'correlation_id': None, 'priority': 4, 'durable': True, 'ttl': 0, 'type': None, 'expiration': 0, 'timestamp': 1464270985984, 'destination': 'jms.queue.test_plain_username_missing_password_right', 'properties': {'JMSXDeliveryCount': 1}, 'content': None}
3) Provide only password. Message should not be received (imo). Message is successfully sent. NOK
[0,root@mt_r6x0 clients]$ ./aac1_sender.java.sh --broker-uri amqp://<broker-ip>:5672?jms.password=tckuser --address "jms.queue.test_plain_username_missing_password_right" --count 1 --log-msgs dict 15:40:15,307 DEBUG Connection=amqp://<broker-ip>:5672?jms.password=tckuser {'redelivered': False, 'reply_to': None, 'id': ':2bb63610-7c2c-4622-9dd5-bb83d3c23c83:1:1:1-1', 'user_id':None, 'correlation_id': None, 'priority': 4, 'durable': True, 'ttl': 0, 'type': None, 'expiration': 0, 'timestamp': 1464270016190, 'destination': 'jms.queue.test_plain_username_missing_password_right', 'properties': {'JMSXDeliveryCount': 1}, 'content': None}
- is related to
-
ENTMQBR-122 Qpid JMS client gets fails to authenticate when using credentials with enabled JAAS GuestLoginModule
- Closed