qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Allan Li (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (QPIDJMS-245) Factory connection string in JNDI properties file will be decoded twice resulting to unexpected value
Date Wed, 04 Jan 2017 06:19:58 GMT

     [ https://issues.apache.org/jira/browse/QPIDJMS-245?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Allan Li updated QPIDJMS-245:
-----------------------------
    Description: 
In JmsConnectionFactory.java, line 390 - 391, method parseQuery(queryString)
390   Map<String, String> map = PropertyUtil.parseQuery(this.remoteURI.getQuery());
391   applyURIOptions(map);
Code of line 390 will decode the remoteURI twice, the first time is via "this.remoteURI.getQuery());",
then in method "PropertyUtil.parseQuery" (PropertyUtil.java, line 200), it will be decode
again.
This will generate wrong value. 
For example, the passed in query string is URL encoded "jms.password=lBMflBhWkvVy7zamjCN24tCa%2BHn%2FavVwyRltDI%2Fk8kE%3D".
(the example is retrieved from a Azure Service Bus SAS key). After the first time decoding,
it gets the right expected value "lBMflBhWkvVy7zamjCN24tCa+Hn/avVwyRltDI/k8kE=", but if decoded
again, it will become "lBMflBhWkvVy7zamjCN24tCa Hn/avVwyRltDI/k8kE=". Basically the '+' is
decoded to ' '. And this wrong string will be set as password and it will fail when connecting
to target message server due to wrong password.

Using getRawQuery() instead of getQuery() should fix this issue.

  was:
In JmsConnectionFactory.java, line 390 - 391, method parseQuery(queryString)
390   Map<String, String> map = PropertyUtil.parseQuery(this.remoteURI.getQuery());
391   applyURIOptions(map);
Code of line 390 will decode the remoteURI twice, the first time is via "this.remoteURI.getQuery());",
then in method "PropertyUtil.parseQuery" (PropertyUtil.java, line 200), it will be decode
again.
This will generate wrong value. 
For example, the passed in query string is URL encoded "jms.password=lBMflBhWkvVy7zamjCN24tCa%2BHn%2FavVwyRltDI%2Fk8kE%3D".
(the example is retrieved from a Azure Service Bus SAS key). After the first time decoding,
it gets the right expected value "lBMflBhWkvVy7zamjCN24tCa+Hn/avVwyRltDI/k8kE=", but if decoded
again, it will become "lBMflBhWkvVy7zamjCN24tCa Hn/avVwyRltDI/k8kE=". Basically the '+' is
decoded to ' '. And this wrong string will be set as password and it will fail when connecting
to target message server due to wrong password.


> Factory connection string in JNDI properties file will be decoded twice resulting to
unexpected value
> -----------------------------------------------------------------------------------------------------
>
>                 Key: QPIDJMS-245
>                 URL: https://issues.apache.org/jira/browse/QPIDJMS-245
>             Project: Qpid JMS
>          Issue Type: Bug
>          Components: qpid-jms-client
>    Affects Versions: 0.11.1
>         Environment: Any
>            Reporter: Allan Li
>
> In JmsConnectionFactory.java, line 390 - 391, method parseQuery(queryString)
> 390   Map<String, String> map = PropertyUtil.parseQuery(this.remoteURI.getQuery());
> 391   applyURIOptions(map);
> Code of line 390 will decode the remoteURI twice, the first time is via "this.remoteURI.getQuery());",
then in method "PropertyUtil.parseQuery" (PropertyUtil.java, line 200), it will be decode
again.
> This will generate wrong value. 
> For example, the passed in query string is URL encoded "jms.password=lBMflBhWkvVy7zamjCN24tCa%2BHn%2FavVwyRltDI%2Fk8kE%3D".
(the example is retrieved from a Azure Service Bus SAS key). After the first time decoding,
it gets the right expected value "lBMflBhWkvVy7zamjCN24tCa+Hn/avVwyRltDI/k8kE=", but if decoded
again, it will become "lBMflBhWkvVy7zamjCN24tCa Hn/avVwyRltDI/k8kE=". Basically the '+' is
decoded to ' '. And this wrong string will be set as password and it will fail when connecting
to target message server due to wrong password.
> Using getRawQuery() instead of getQuery() should fix this issue.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message