qpid-dev mailing list archives

From "Ernest Allen (JIRA)" <j...@apache.org>
Subject [jira] [Created] (DISPATCH-1004) Enable support for connecting to http enabled listener configured with saslMechanisms other than ANONYMOUS
Date Fri, 18 May 2018 12:15:00 GMT
Ernest Allen created DISPATCH-1004:

             Summary: Enable support for connecting to http enabled listener configured with saslMechanisms other than ANONYMOUS
                 Key: DISPATCH-1004
                 URL: https://issues.apache.org/jira/browse/DISPATCH-1004
             Project: Qpid Dispatch
          Issue Type: Improvement
          Components: Container
    Affects Versions: 1.1.0
            Reporter: Ernest Allen

Authentication fails when connecting to an http enabled listener that has authenticatePeer:
true with a router configured with sasl authentication.

The log messages are:

2018-05-18 07:36:27.347973 -0400 SERVER (debug) [2] upgraded HTTP connection from to AMQPWS (/home/eallen/workspace/qpid-dispatch/src/http-libwebsockets.c:402)
2018-05-18 07:36:27.348025 -0400 POLICY (trace) ALLOW Connection '' based on global connection count. nConnections= 1 (/home/eallen/workspace/qpid-dispatch/src/policy.c:204)
2018-05-18 07:36:27.348041 -0400 SERVER (info) Accepted connection to from
2018-05-18 07:36:27.348400 -0400 SERVER (trace) [2]:  <- EOS (/home/eallen/workspace/qpid-dispatch/src/server.c:103)
2018-05-18 07:36:27.348434 -0400 SERVER (info) Connection from (to failed: amqp:connection:policy-error Client skipped authentication - forbidden (/home/eallen/workspace/qpid-dispatch/src/server.c:920)
2018-05-18 07:36:27.348447 -0400 SERVER (trace) [2]:  -> EOS (/home/eallen/workspace/qpid-dispatch/src/server.c:103)
2018-05-18 07:36:27.348462 -0400 POLICY (debug) Connection '' closed with resources n_sessions=0, n_senders=0, n_receivers=0. nConnections= 0. (/home/eallen/workspace/qpid-dispatch/src/policy.c:249)

Note: To test this I did the following:
 * run the router's system tests
 * cd build/tests/system_test.dir/system_tests_sasl_plain/RouterTestPlainSasl/setUpClass
 * edit the X.conf file to include a listener with http: true on a new port and start a router using X.conf
 * attempt to connect to the new port using the latest console with test@domain.com / password
 * view the X.log file to see the above error output

Authentication succeeds when connecting to that same router using a listener that is not http.

To verify the sasl setup, using that same router, run the following command:

qdstat -b -c --sasl-mechanisms=PLAIN --sasl-username=test@domain.com --sasl-password=password

The output is:
  id    host             container                             role    dir  security     authentication          tenant
  6247  5972a5a1-aa46-4b36-8932-8f090307f66a  normal  in   no-security 

I verified that the rhea.js library used by the console is passing the username/password by
running rhea's test "simple_sasl_client.js" under nodejs against the above router's non-http
enabled port. The connection succeeds.



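Added example (not part of the original message or of the Qpid Dispatch code base): a triage script for the router log format shown in the report. It flags "Client skipped authentication - forbidden" failures and records whether an HTTP to AMQPWS upgrade preceded them; the function name, the one-second window and the time-based correlation are assumptions.

```python
import re
from datetime import datetime, timedelta

# Router log line: "<date> <time> <tz> MODULE (level) message (source-file:line)"
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) [+-]\d{4} (?P<module>\w+) "
    r"\((?P<level>\w+)\) (?P<msg>.*?)(?: \((?P<src>[^()\s]+:\d+)\))?$"
)
UPGRADE = re.compile(r"^\[(?P<conn>\d+)\] upgraded HTTP connection .*to AMQPWS$")
SKIPPED = "Client skipped authentication - forbidden"

def find_skipped_auth(lines, window=timedelta(seconds=1)):
    """One finding per skipped-authentication failure. The failure line has no
    connection id, so it is tied to the latest AMQPWS upgrade by time (assumed heuristic)."""
    findings, last_upgrade = [], None
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped or foreign line
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
        up = UPGRADE.match(m["msg"])
        if up:
            last_upgrade = (up["conn"], ts)
        elif SKIPPED in m["msg"]:
            via_ws = last_upgrade is not None and ts - last_upgrade[1] <= window
            findings.append({"time": m["ts"], "source": m["src"],
                             "after_ws_upgrade": via_ws,
                             "conn": last_upgrade[0] if via_ws else None})
    return findings

# Log lines from the report, wrapped lines rejoined (peer addresses are absent there too).
P = "/home/eallen/workspace/qpid-dispatch/src"
SAMPLE = [
    f"2018-05-18 07:36:27.347973 -0400 SERVER (debug) [2] upgraded HTTP connection from to AMQPWS ({P}/http-libwebsockets.c:402)",
    f"2018-05-18 07:36:27.348025 -0400 POLICY (trace) ALLOW Connection '' based on global connection count. nConnections= 1 ({P}/policy.c:204)",
    "2018-05-18 07:36:27.348041 -0400 SERVER (info) Accepted connection to from",
    f"2018-05-18 07:36:27.348400 -0400 SERVER (trace) [2]:  <- EOS ({P}/server.c:103)",
    f"2018-05-18 07:36:27.348434 -0400 SERVER (info) Connection from (to failed: amqp:connection:policy-error Client skipped authentication - forbidden ({P}/server.c:920)",
    f"2018-05-18 07:36:27.348447 -0400 SERVER (trace) [2]:  -> EOS ({P}/server.c:103)",
    f"2018-05-18 07:36:27.348462 -0400 POLICY (debug) Connection '' closed with resources n_sessions=0, n_senders=0, n_receivers=0. nConnections= 0. ({P}/policy.c:249)",
]

if __name__ == "__main__":
    for finding in find_skipped_auth(SAMPLE):
        print(finding)
```

A finding with after_ws_upgrade set points at the http listener path described in this report; one without it is a client on a plain AMQP listener that did not authenticate.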