qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jakub Scholz (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPIDJMS-65) CRAM-MD5 SASL mechanism throws NullPointerException when no username or password is specified
Date Tue, 02 Jun 2015 11:20:18 GMT

    [ https://issues.apache.org/jira/browse/QPIDJMS-65?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14568960#comment-14568960
] 

Jakub Scholz commented on QPIDJMS-65:
-------------------------------------

Yeah, in my opinion, unless there is someone with a scenario where username & password
based authentication doesn't require password or username, it would be best if the PLAIN and
CRAM-MD5 are disabled in these cases. 

I think it would even slightly enhance the clients usability, because today, you cannot choose
ANONYMOUS mechanism when PLAIN or CRAM-MD5 is available on the broker. With this implemented
as you suggest, the client would simply ignore the PLAIN and CRAM-MD5 mechanisms in case username/password
were not specified and default to ANONYMOUS.

> CRAM-MD5 SASL mechanism throws NullPointerException when no username or password is specified
> ---------------------------------------------------------------------------------------------
>
>                 Key: QPIDJMS-65
>                 URL: https://issues.apache.org/jira/browse/QPIDJMS-65
>             Project: Qpid JMS
>          Issue Type: Bug
>    Affects Versions: 0.2.0
>            Reporter: Jakub Scholz
>            Priority: Minor
>         Attachments: QPIDJMS-65.patch
>
>
> When the CRAM-MD5 SASL mechanism is used and no jms.username or jms.password parameter
was specified in connection URI, a NullPointerExpception will be thrown, for example:
> {code}TRACE org.apache.qpid.jms.transports.netty.NettyTcpTransport - Attempted write
of: 8 bytes
> TRACE org.apache.qpid.jms.transports.netty.NettyTcpTransport - New data read: 68 bytes
incoming: UnpooledHeapByteBuf(ridx: 0, widx: 68, cap: 65536)
> TRACE org.apache.qpid.jms.provider.amqp.AmqpProvider - Received from Broker 68 bytes:
UnpooledHeapByteBuf(ridx: 0, widx: 68, cap: 65536)
> TRACE org.apache.qpid.jms.provider.amqp.AmqpProvider - New Proton Event: CONNECTION_INIT
> TRACE org.apache.qpid.jms.provider.amqp.AmqpProvider - New Proton Event: SESSION_INIT
> TRACE org.apache.qpid.jms.provider.amqp.AmqpProvider - New Proton Event: CONNECTION_LOCAL_OPEN
> DEBUG org.apache.qpid.jms.sasl.SaslMechanismFinder - Unknown SASL mechanism: [DIGEST-MD5]
> INFO org.apache.qpid.jms.sasl.SaslMechanismFinder - Best match for SASL auth was: SASL-CRAM-MD5
> TRACE org.apache.qpid.jms.transports.netty.NettyTcpTransport - Attempted write of: 24
bytes
> TRACE org.apache.qpid.jms.transports.netty.NettyTcpTransport - New data read: 55 bytes
incoming: UnpooledHeapByteBuf(ridx: 0, widx: 55, cap: 65536)
> TRACE org.apache.qpid.jms.provider.amqp.AmqpProvider - Received from Broker 55 bytes:
UnpooledHeapByteBuf(ridx: 0, widx: 55, cap: 65536)
> WARN org.apache.qpid.jms.provider.amqp.AmqpProvider - Caught Exception during update
processing: null
> java.lang.NullPointerException
> 	at org.apache.qpid.jms.sasl.CramMD5Mechanism.getChallengeResponse(CramMD5Mechanism.java:57)
> 	at org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.handleSaslStep(AmqpSaslAuthenticator.java:111)
> 	at org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.authenticate(AmqpSaslAuthenticator.java:63)
> 	at org.apache.qpid.jms.provider.amqp.AmqpConnection.processSaslAuthentication(AmqpConnection.java:155)
> 	at org.apache.qpid.jms.provider.amqp.AmqpProvider.processUpdates(AmqpProvider.java:777)
> 	at org.apache.qpid.jms.provider.amqp.AmqpProvider.access$1500(AmqpProvider.java:87)
> 	at org.apache.qpid.jms.provider.amqp.AmqpProvider$16.run(AmqpProvider.java:667)
> 	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
> 	at java.util.concurrent.FutureTask.run(FutureTask.java:262)
> 	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:178)
> 	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:292)
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> 	at java.lang.Thread.run(Thread.java:745)
> javax.jms.JMSException: java.lang.NullPointerException
> Exception occurred and was caught by onException
> 	at org.apache.qpid.jms.exceptions.JmsExceptionSupport.create(JmsExceptionSupport.java:60)
> 	at org.apache.qpid.jms.JmsConnection.onAsyncException(JmsConnection.java:1169)
> 	at org.apache.qpid.jms.JmsConnection.onConnectionFailure(JmsConnection.java:1085)
> 	at org.apache.qpid.jms.provider.amqp.AmqpProvider.fireProviderException(AmqpProvider.java:832)
> 	at org.apache.qpid.jms.provider.amqp.AmqpProvider.processUpdates(AmqpProvider.java:781)
> 	at org.apache.qpid.jms.provider.amqp.AmqpProvider.access$1500(AmqpProvider.java:87)
> 	at org.apache.qpid.jms.provider.amqp.AmqpProvider$16.run(AmqpProvider.java:667)
> 	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
> 	at java.util.concurrent.FutureTask.run(FutureTask.java:262)
> 	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:178)
> 	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:292)
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> 	at java.lang.Thread.run(Thread.java:745)
> Caused by: java.io.IOException: java.lang.NullPointerException
> 	at org.apache.qpid.jms.util.IOExceptionSupport.create(IOExceptionSupport.java:45)
> 	... 11 more
> Caused by: java.lang.NullPointerException
> 	at org.apache.qpid.jms.sasl.CramMD5Mechanism.getChallengeResponse(CramMD5Mechanism.java:57)
> 	at org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.handleSaslStep(AmqpSaslAuthenticator.java:111)
> 	at org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.authenticate(AmqpSaslAuthenticator.java:63)
> 	at org.apache.qpid.jms.provider.amqp.AmqpConnection.processSaslAuthentication(AmqpConnection.java:155)
> 	at org.apache.qpid.jms.provider.amqp.AmqpProvider.processUpdates(AmqpProvider.java:777)
> 	... 9 more{code}
> The PLAIN mechanism actually validates username and password and replaces it with empty
string in case they are null. However, setting the password to empty string causes another
exception in SecretKeySpec. So the password has to be set for example to space to make it
work.
> Is missing username or password (or set to empty string) actually a valid scenario? For
example I don't think it can be configured on the Qpid C++ broker.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message