-
Bug
-
Resolution: Done
-
Major
-
AMQ 7.2.1.GA
-
None
-
1
-
Release Notes
-
-
Documented as Resolved Issue
-
-
AMQ Broker 2019, AMQ Broker 2319, AMQ Broker 2619
The attached test uses factory.createConnection() (that is, without username and password), and if I delete GuestLoginModule from etc/login.conf, the auth fails, but I do not get real auth error from the Artemis broker. That means, the client ends up reconnecting in a loop.
I'd expect to get a clear auth error, so I can respond to that.
Protocol trace (see the attached html from Adverb):
◊ ◊◊ 0.113713 Frame 4 127.0.0.1:50298 -> 127.0.0.1:32945 -> init SASL (3): (1.0.0) ◊ ◊◊ 0.205381 Frame 6 127.0.0.1:50298 <- 127.0.0.1:32945 <- init SASL (3): (1.0.0), method Method: ◊ ◊◊ 0.223594 Frame 8 127.0.0.1:50298 -> 127.0.0.1:32945 -> method Method: ◊ ◊◊ 0.227009 Frame 10 127.0.0.1:50298 <- 127.0.0.1:32945 <- method Method: ◊ ◊◊ 0.227115 Frame 11 127.0.0.1:50298 <- 127.0.0.1:32945 <- init AMQP (0): (1.0.0) ◊ ◊◊ 0.233142 Frame 13 127.0.0.1:50298 -> 127.0.0.1:32945 -> init AMQP (0): (1.0.0) ◊ ◊◊ 0.274729 Frame 15 127.0.0.1:50298 -> 127.0.0.1:32945 -> open [0] ◊ ◊◊ 0.277839 Frame 17 127.0.0.1:50298 <- 127.0.0.1:32945 <- open [0] ◊ ◊◊ 0.294913 Frame 18 127.0.0.1:50298 -> 127.0.0.1:32945 -> begin [0,null] ◊ ◊◊ 0.480050 Frame 20 127.0.0.1:50298 <- 127.0.0.1:32945 <- close [0] ◊ ◊◊ 0.484355 Frame 21 127.0.0.1:50298 -> 127.0.0.1:32945 -> close [0]
Log:
javax.security.auth.login.LoginException: Invalid null input: name at java.base/javax.security.auth.login.LoginContext.init(LoginContext.java:235) at java.base/javax.security.auth.login.LoginContext.<init>(LoginContext.java:501) at org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager.getAuthenticatedSubject(ActiveMQJAASSecurityManager.java:185) at org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager.validateUser(ActiveMQJAASSecurityManager.java:94) at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.authenticate(SecurityStoreImpl.java:135) at org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.createSession(ActiveMQServerImpl.java:1408) at org.apache.activemq.artemis.protocol.amqp.broker.AMQPSessionCallback.init(AMQPSessionCallback.java:200) at org.apache.activemq.artemis.protocol.amqp.proton.AMQPSessionContext.initialise(AMQPSessionContext.java:71) at org.apache.activemq.artemis.protocol.amqp.proton.AMQPConnectionContext.onRemoteOpen(AMQPConnectionContext.java:433) at org.apache.activemq.artemis.protocol.amqp.proton.handler.Events.dispatch(Events.java:50) at org.apache.activemq.artemis.protocol.amqp.proton.handler.ProtonHandler.dispatch(ProtonHandler.java:494) at org.apache.activemq.artemis.protocol.amqp.proton.handler.ProtonHandler.flush(ProtonHandler.java:307) at org.apache.activemq.artemis.protocol.amqp.proton.handler.ProtonHandler.inputBuffer(ProtonHandler.java:272) at org.apache.activemq.artemis.protocol.amqp.proton.AMQPConnectionContext.inputBuffer(AMQPConnectionContext.java:158) at org.apache.activemq.artemis.protocol.amqp.broker.ActiveMQProtonRemotingConnection.bufferReceived(ActiveMQProtonRemotingConnection.java:147) at org.apache.activemq.artemis.core.remoting.server.impl.RemotingServiceImpl$DelegatingBufferHandler.bufferReceived(RemotingServiceImpl.java:643) at org.apache.activemq.artemis.core.remoting.impl.netty.ActiveMQChannelHandler.channelRead(ActiveMQChannelHandler.java:73) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1434) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:965) at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:808) at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:417) at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:317) at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:884) at org.apache.activemq.artemis.utils.ActiveMQThreadFactory$1.run(ActiveMQThreadFactory.java:118) DEBUG - Couldn't find any bindings for address=activemq.notifications on message=CoreMessage[messageID=77309411656,durable=true,userID=null,priority=0, timestamp=0,expiration=0, durable=true, address=activemq.notifications,size=244,properties=TypedProperties[_AMQ_NotifType=SECURITY_AUTHENTICATION_VIOLATION,_AMQ_NotifTimestamp=1539871547925]]@1180466632 DEBUG - Message CoreMessage[messageID=77309411656,durable=true,userID=null,priority=0, timestamp=0,expiration=0, durable=true, address=activemq.notifications,size=244,properties=TypedProperties[_AMQ_NotifType=SECURITY_AUTHENTICATION_VIOLATION,_AMQ_NotifTimestamp=1539871547925]]@1180466632 is not going anywhere as it didn't have a binding on address:activemq.notifications WARN - AMQ119031: Unable to validate user from /127.0.0.1:50512. Username: null; SSL certificate subject DN: unavailable ActiveMQAMQPInternalErrorException[errorType=INTERNAL_ERROR message=AMQ119031: Unable to validate user from /127.0.0.1:50512. Username: null; SSL certificate subject DN: unavailable] at org.apache.activemq.artemis.protocol.amqp.proton.AMQPSessionContext.initialise(AMQPSessionContext.java:73) at org.apache.activemq.artemis.protocol.amqp.proton.AMQPConnectionContext.onRemoteOpen(AMQPConnectionContext.java:433) at org.apache.activemq.artemis.protocol.amqp.proton.handler.Events.dispatch(Events.java:50) at org.apache.activemq.artemis.protocol.amqp.proton.handler.ProtonHandler.dispatch(ProtonHandler.java:494) at org.apache.activemq.artemis.protocol.amqp.proton.handler.ProtonHandler.flush(ProtonHandler.java:307) at org.apache.activemq.artemis.protocol.amqp.proton.handler.ProtonHandler.inputBuffer(ProtonHandler.java:272) at org.apache.activemq.artemis.protocol.amqp.proton.AMQPConnectionContext.inputBuffer(AMQPConnectionContext.java:158) at org.apache.activemq.artemis.protocol.amqp.broker.ActiveMQProtonRemotingConnection.bufferReceived(ActiveMQProtonRemotingConnection.java:147) at org.apache.activemq.artemis.core.remoting.server.impl.RemotingServiceImpl$DelegatingBufferHandler.bufferReceived(RemotingServiceImpl.java:643) at org.apache.activemq.artemis.core.remoting.impl.netty.ActiveMQChannelHandler.channelRead(ActiveMQChannelHandler.java:73) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1434) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:965) at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:808) at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:417) at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:317) at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:884) at org.apache.activemq.artemis.utils.ActiveMQThreadFactory$1.run(ActiveMQThreadFactory.java:118) Caused by: ActiveMQSecurityException[errorType=SECURITY_EXCEPTION message=AMQ119031: Unable to validate user from /127.0.0.1:50512. Username: null; SSL certificate subject DN: unavailable] at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.authenticate(SecurityStoreImpl.java:157) at org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.createSession(ActiveMQServerImpl.java:1408) at org.apache.activemq.artemis.protocol.amqp.broker.AMQPSessionCallback.init(AMQPSessionCallback.java:200) at org.apache.activemq.artemis.protocol.amqp.proton.AMQPSessionContext.initialise(AMQPSessionContext.java:71) ... 21 more DEBUG - Request received error: Unrecoverable error: AMQ119031: Unable to validate user from /127.0.0.1:50512. Username: null; SSL certificate subject DN: unavailable [condition = amqp:internal-error]
Source code of the test (with embedded broker configured correctly, without GuestLoginModule):
https://github.com/jdanekrh/cli-java/blob/9bb2cdd8021567216fd71295a00990d83eeeb0a5/cli-qpid-jms/src/test/java/ConnectWithoutPassword.java#L42-L56 (branch jd_broker_test of the repo).