qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rob Godfrey (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (QPID-4356) Java Broker does not validate incoming message-properties.user-id as required by AMQP 0-10 spec
Date Sat, 20 Feb 2016 18:21:18 GMT

     [ https://issues.apache.org/jira/browse/QPID-4356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Rob Godfrey resolved QPID-4356.
-------------------------------
    Resolution: Duplicate

> Java Broker does not validate incoming message-properties.user-id as required by AMQP
0-10 spec
> -----------------------------------------------------------------------------------------------
>
>                 Key: QPID-4356
>                 URL: https://issues.apache.org/jira/browse/QPID-4356
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Broker
>    Affects Versions: 0.10, 0.12, 0.14, 0.16, 0.18, 0.19
>            Reporter: Keith Wall
>            Priority: Minor
>
> When the 0-10 protocol is in use, Java Broker does not validate the user-id sent by the
client as part of the message. According to the AMQP 0-10 spec the Broker must (p163):
> {quote}
> user-id vbin creating user id
> The identity of the user responsible for producing the message. The client sets this
value, and it is authenticated by the broker.
> {quote}
> and 
> {quote}
> Rule: authentication
> The server MUST produce an unauthorized-access exception if the user-id field is set
to a principle for which the client is not authenticated.
> {quote}
> (For 0-8..0-9-1 this validation can be enabled via Broker config see advanced/msg-auth)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message