Uploaded image for project: 'AMQ Broker'
  1. AMQ Broker
  2. ENTMQBR-122

Qpid JMS client gets fails to authenticate when using credentials with enabled JAAS GuestLoginModule

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • A-MQ 7.0.0.ER7
    • A-MQ 7.0.0.ER6
    • None
    • None
    • Hide

      1) Enable GuestLoginModule in JAAS
      2) Try to send/receive a message using qpid-jms-client with and without provided credentials

      Show
      1) Enable GuestLoginModule in JAAS 2) Try to send/receive a message using qpid-jms-client with and without provided credentials

      Qpid JMS client is unable to authenticate with broker when credentials are passed to the client and only JAAS GuestLoginModule is in use. Please see following two scenarios.

      == With username/pass

      [0,root@mt_r6i0 clients]$ ./aac1_sender.java.sh --log-msgs dict --broker 10.34.75.242:5672 --address "'jms.queue.test_default_username_right_password_right2'" --conn-username tckuser --conn-password tckuser --count 1
12:52:41,245 DEBUG Connection=amqp://10.34.75.242:5672?jms.username=tckuser&jms.password=tckuser
12:52:41,938 INFO Best match for SASL auth was: SASL-PLAIN
12:52:42,014 ERROR Error while creating session! Client failed to authenticate
javax.jms.JMSSecurityException: Client failed to authenticate
        at org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.handleSaslFail(AmqpSaslAuthenticator.java:151)
        at org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.authenticate(AmqpSaslAuthenticator.java:93)
        at org.apache.qpid.jms.provider.amqp.AmqpProvider.processSaslAuthentication(AmqpProvider.java:827)12:52:42,015 ERROR ExceptionListener error detected!
Client failed to authenticate
null

        at org.apache.qpid.jms.provider.amqp.AmqpProvider.processUpdates(AmqpProvider.java:814)
        at org.apache.qpid.jms.provider.amqp.AmqpProvider.access$1900(AmqpProvider.java:92)
        at org.apache.qpid.jms.provider.amqp.AmqpProvider$17.run(AmqpProvider.java:701)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)
javax.jms.JMSSecurityException: Client failed to authenticate
        at org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.handleSaslFail(AmqpSaslAuthenticator.java:151)
        at org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.authenticate(AmqpSaslAuthenticator.java:93)
        at org.apache.qpid.jms.provider.amqp.AmqpProvider.processSaslAuthentication(AmqpProvider.java:827)
        at org.apache.qpid.jms.provider.amqp.AmqpProvider.processUpdates(AmqpProvider.java:814)
        at org.apache.qpid.jms.provider.amqp.AmqpProvider.access$1900(AmqpProvider.java:92)
        at org.apache.qpid.jms.provider.amqp.AmqpProvider$17.run(AmqpProvider.java:701)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)

      >>> Shouldn't broker "reject/throw away" provided credentials and consider conncted client with guest credentials insted of trying to communicate SASL?

      == Without username

      [1,root@mt_r6i0 clients]$ ./aac1_sender.java.sh --log-msgs dict --broker 10.34.75.242:5672 --address "'jms.queue.test_default_username_right_password_right2'" --count 1
12:53:01,332 DEBUG Connection=amqp://10.34.75.242:5672
12:53:02,077 DEBUG Skipping SASL-PLAIN mechanism because the available credentials are not sufficient
12:53:02,077 INFO Best match for SASL auth was: SASL-ANONYMOUS
[8593207:0] -> Open{ containerId='ID::4f696ae2-c650-4815-a6b5-41747b33e8b9:1', hostname='10.34.75.242', maxFrameSize=1048576, channelMax=32767, idleTimeOut=30000, outgoingLocales=null, incomingLocales=null, offeredCapabilities=null, desiredCapabilities=[sole-connection-for-container], properties={product=QpidJMS, version=0.8.0.redhat-1, platform=JVM: 1.8.0_91, 25.91-b14, Oracle Corporation, OS: Linux, 2.6.32-573.18.1.el6.i686, i386}}
[8593207:0] <- Open{ containerId='', hostname='', maxFrameSize=4294967295, channelMax=65535, idleTimeOut=30000, outgoingLocales=null, incomingLocales=null, offeredCapabilities=null, desiredCapabilities=null, properties=null}
[8593207:0] -> Begin{remoteChannel=null, nextOutgoingId=1, incomingWindow=2047, outgoingWindow=2147483647, handleMax=65535, offeredCapabilities=null, desiredCapabilities=null, properties=null}
[8593207:0] <- Begin{remoteChannel=0, nextOutgoingId=1, incomingWindow=2147483647, outgoingWindow=2147483647, handleMax=65535, offeredCapabilities=null, desiredCapabilities=null, properties=null}
12:53:02,312 DEBUG AmqpConnection { ID::6d4d2a27-b016-43f0-bf16-90b78a732f46:1 } is now open:
12:53:02,313 INFO Connection ID::6d4d2a27-b016-43f0-bf16-90b78a732f46:1 connected to remote Broker: amqp://10.34.75.242:5672
[8593207:1] -> Begin{remoteChannel=null, nextOutgoingId=1, incomingWindow=2047, outgoingWindow=2147483647, handleMax=65535, offeredCapabilities=null, desiredCapabilities=null, properties=null}
[8593207:1] <- Begin{remoteChannel=1, nextOutgoingId=1, incomingWindow=2147483647, outgoingWindow=2147483647, handleMax=65535, offeredCapabilities=null, desiredCapabilities=null, properties=null}
12:53:02,339 DEBUG Creating AmqpFixedProducer for: jms.queue.test_default_username_right_password_right2
[8593207:1] -> Attach{name='qpid-jms:sender:ID::6d4d2a27-b016-43f0-bf16-90b78a732f46:1:1:1:jms.queue.test_default_username_right_password_right2', handle=0, role=SENDER, sndSettleMode=UNSETTLED, rcvSettleMode=FIRST, source=Source{address='ID::6d4d2a27-b016-43f0-bf16-90b78a732f46:1:1:1', durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false, dynamicNodeProperties=null, distributionMode=null, filter=null, defaultOutcome=null, outcomes=[amqp:accepted:list, amqp:rejected:list], capabilities=null}, target=Target{address='jms.queue.test_default_username_right_password_right2', durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false, dynamicNodeProperties=null, capabilities=[queue]}, unsettled=null, incompleteUnsettled=false, initialDeliveryCount=0, maxMessageSize=null, offeredCapabilities=null, desiredCapabilities=null, properties=null}
[8593207:1] <- Attach{name='qpid-jms:sender:ID::6d4d2a27-b016-43f0-bf16-90b78a732f46:1:1:1:jms.queue.test_default_username_right_password_right2', handle=0, role=RECEIVER, sndSettleMode=MIXED, rcvSettleMode=FIRST, source=Source{address='ID::6d4d2a27-b016-43f0-bf16-90b78a732f46:1:1:1', durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false, dynamicNodeProperties=null, distributionMode=null, filter=null, defaultOutcome=null, outcomes=[amqp:accepted:list, amqp:rejected:list], capabilities=null}, target=Target{address='jms.queue.test_default_username_right_password_right2', durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false, dynamicNodeProperties=null, capabilities=[queue]}, unsettled=null, incompleteUnsettled=false, initialDeliveryCount=null, maxMessageSize=null, offeredCapabilities=null, desiredCapabilities=null, properties=null}
[8593207:1] <- Flow{nextIncomingId=1, incomingWindow=2147483647, nextOutgoingId=1, outgoingWindow=2147483647, handle=0, deliveryCount=0, linkCredit=200, available=null, drain=false, echo=false, properties=null}
[8593207:1] -> Transfer{handle=0, deliveryId=0, deliveryTag=0, messageFormat=0, settled=null, more=false, rcvSettleMode=null, state=null, resume=false, aborted=false, batchable=false} (180) "\x00Sp\xc0\x02\x01A\x00Sr\xc1)\x04\xa3\x0ex-opt-jms-destQ\x00\xa3\x12x-opt-jms-msg-typeQ\x00\x00Ss\xc0z\x0a\xa10ID::6d4d2a27-b016-43f0-bf16-90b78a732f46:1:1:1-1@\xa15jms.queue.test_default_username_right_password_right2@@@@@@\x83\x00\x00\x01T\xe2e|4"
[8593207:1] <- Disposition{role=RECEIVER, first=0, last=0, settled=true, state=Accepted{}, batchable=false}
{'redelivered': False, 'reply_to': None, 'id': ':6d4d2a27-b016-43f0-bf16-90b78a732f46:1:1:1-1', 'user_id':None, 'correlation_id': None, 'priority': 4, 'durable': True, 'ttl': 0, 'type': None, 'expiration': 0, 'timestamp': 1464087182388, 'destination': 'jms.queue.test_default_username_right_password_right2', 'properties': {'JMSXDeliveryCount': 1}, 'content': None}
[8593207:1] -> End{error=null}
[8593207:1] <- End{error=null}
12:53:02,568 DEBUG AmqpSession { ID::6d4d2a27-b016-43f0-bf16-90b78a732f46:1:1 } is now closed:
[8593207:0] -> Close{error=null}
[8593207:0] <- Close{error=null}
12:53:02,572 DEBUG AmqpConnection { ID::6d4d2a27-b016-43f0-bf16-90b78a732f46:1 } is now closed:
12:53:02,575 DEBUG Shutdown of ExecutorService: java.util.concurrent.ThreadPoolExecutor@95d394[Terminated, pool size = 0, active threads = 0, queued tasks = 0, completed tasks = 0] is shutdown: true and terminated: true took: 0.001 seconds.

      == Cpp,Python client works well in both scenarios ==

            rhn-support-jbertram Justin Bertram
            mtoth@redhat.com Michal Toth
            Michal Toth Michal Toth
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: