qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rob Godfrey (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPIDJMS-232) Perform Authentication when the remote connection is established instead of waiting until Connection is used
Date Mon, 12 Dec 2016 16:46:59 GMT

    [ https://issues.apache.org/jira/browse/QPIDJMS-232?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15742422#comment-15742422
] 

Rob Godfrey commented on QPIDJMS-232:
-------------------------------------

Yeah - I forget exactly how all the DoD / heartbeating timeouts work in the Java Broker...
I *think* the above is probably safe (since the time from TCP connection open to authenticated
is short, so it will avoid the suspected DoS timeout, and the heartbeating timeout probably
won't come into effect until it receives an open frame from the client), however it would
be (AMQP) spec compliant for the broker to issue an open without waiting for the client, and
for that open to include a heartbeat timeout... does proton/the JMS client respect that? 
I'd also need to check up on whether it is even legal to send empty heartbeating frames before
you send an open (I can't say it was a case we ever considered).  

In general I agree that doing the connect/auth up front is the best thing to do... but I think
that having the behaviour configurable to improve interoperability would make sense

> Perform Authentication when the remote connection is established instead of waiting until
Connection is used
> ------------------------------------------------------------------------------------------------------------
>
>                 Key: QPIDJMS-232
>                 URL: https://issues.apache.org/jira/browse/QPIDJMS-232
>             Project: Qpid JMS
>          Issue Type: Improvement
>          Components: qpid-jms-client
>    Affects Versions: 0.11.1
>            Reporter: Timothy Bish
>            Assignee: Timothy Bish
>             Fix For: 0.20.0
>
>
> Instead of waiting until the connection is used to perform authentication we should perform
the SASL authentication if available when the connection is established.  This allows the
createConnection methods in the ConnectionFactory to fail fast instead of waiting until the
Connection is used (e.g set client ID, start, createSession etc)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message