qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rob Godfrey (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPID-5884) NullPointerException when using Base64MD5 file for AMQP 1.0 authentication
Date Mon, 21 Jul 2014 14:40:39 GMT

    [ https://issues.apache.org/jira/browse/QPID-5884?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14068574#comment-14068574
] 

Rob Godfrey commented on QPID-5884:
-----------------------------------

So, this looks to be a combination of two bugs and one request for improvement

At a high level the error occurs because the JMS 1.0 client does not yet support the necessary
SASL mechanisms for this password database type.  At the very least we should enhance support
to allow for the use of SCRAM-SHA1 and SCRAM-SAH256 mechanisms.  We can also add support for
the MD5-HASHED mechanisms, however these are Qpid Java Broker specific and their use should
be deprecated.  This is the "request for enhancement".

The two bugs are as follows:

1) The client, although it recognises that there is no mechanism available which it can use
send a request to authenticate with no mechanism specified, rather than immediately failing
2) The broker does not handle the case of a request coming in which does not supply a mechanism,
it assumes the mechanism is present and thus NPEs on trying to convert the mechanism value
into a String.

 

> NullPointerException when using Base64MD5 file for AMQP 1.0 authentication
> --------------------------------------------------------------------------
>
>                 Key: QPID-5884
>                 URL: https://issues.apache.org/jira/browse/QPID-5884
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Broker
>    Affects Versions: 0.28
>         Environment: OpenJDK Runtime Environment (rhel-2.4.7.1.el6_5-x86_64 u55-b13)
> OpenJDK 64-Bit Server VM (build 24.51-b03, mixed mode)
>            Reporter: Mark Soderquist
>             Fix For: 0.29
>
>
> Received an NPE when using the Base64MD5PasswordFile authentication provider. This did
not happen when using the PlainPasswordFile. Here is the stack trace:
> java.lang.NullPointerException
>         at org.apache.qpid.amqp_1_0.transport.ConnectionEndpoint.receiveSaslInit(ConnectionEndpoint.java:818)
>         at org.apache.qpid.amqp_1_0.type.security.SaslInit.invoke(SaslInit.java:112)
>         at org.apache.qpid.amqp_1_0.transport.ConnectionEndpoint.receive(ConnectionEndpoint.java:737)
>         at org.apache.qpid.amqp_1_0.framing.SASLFrameHandler.parse(SASLFrameHandler.java:240)
>         at org.apache.qpid.server.protocol.v1_0.ProtocolEngine_1_0_0_SASL$3.run(ProtocolEngine_1_0_0_SASL.java:367)
>         at org.apache.qpid.server.protocol.v1_0.ProtocolEngine_1_0_0_SASL$3.run(ProtocolEngine_1_0_0_SASL.java:363)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at javax.security.auth.Subject.doAs(Subject.java:356)
>         at org.apache.qpid.server.protocol.v1_0.ProtocolEngine_1_0_0_SASL.received(ProtocolEngine_1_0_0_SASL.java:362)
>         at org.apache.qpid.server.protocol.v1_0.ProtocolEngine_1_0_0_SASL.received(ProtocolEngine_1_0_0_SASL.java:64)
>         at org.apache.qpid.server.protocol.MultiVersionProtocolEngine.received(MultiVersionProtocolEngine.java:132)
>         at org.apache.qpid.server.protocol.MultiVersionProtocolEngine.received(MultiVersionProtocolEngine.java:48)
>         at org.apache.qpid.transport.network.io.IoReceiver.run(IoReceiver.java:161)
>         at java.lang.Thread.run(Thread.java:744)



--
This message was sent by Atlassian JIRA
(v6.2#6252)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message