Bug 728509
Summary: | Specifying username/password in JMS clients should not be mandatory | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise MRG | Reporter: | Pavel Moravec <pmoravec> | ||||||||||||
Component: | qpid-java | Assignee: | Rajith Attapattu <rattapat+nobody> | ||||||||||||
Status: | CLOSED ERRATA | QA Contact: | Justin Ross <jross> | ||||||||||||
Severity: | low | Docs Contact: | |||||||||||||
Priority: | medium | ||||||||||||||
Version: | 2.0 | CC: | iboverma, jross, lzhaldyb, mcressma, mtoth, tross | ||||||||||||
Target Milestone: | 3.0 | Keywords: | EasyFix, Patch, TestCaseProvided | ||||||||||||
Target Release: | --- | ||||||||||||||
Hardware: | All | ||||||||||||||
OS: | All | ||||||||||||||
Whiteboard: | |||||||||||||||
Fixed In Version: | qpid-java-0.22-1.el5, qpid-java-0.22-2.el6 | Doc Type: | Bug Fix | ||||||||||||
Doc Text: |
It was discovered that the URLParser threw an exception if the username and password was missing from a connection URL. Due to this behavior, it was mandatory to specify a username and password, even if the SASL mechanism chosen did not require it. The URL parser no longer throws an exception if the username or password is missing. Instead it checks if the chosen SASL mechanism (selected during connection negotiation) requires it and then throws an exception at that point.
|
Story Points: | --- | ||||||||||||
Clone Of: | Environment: | ||||||||||||||
Last Closed: | 2014-09-24 15:03:10 UTC | Type: | --- | ||||||||||||
Regression: | --- | Mount Type: | --- | ||||||||||||
Documentation: | --- | CRM: | |||||||||||||
Verified Versions: | Category: | --- | |||||||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||||||
Embargoed: | |||||||||||||||
Attachments: |
|
Description
Pavel Moravec
2011-08-05 11:57:41 UTC
JIRA 3396 created (https://issues.apache.org/jira/browse/QPID-3396). Created attachment 604007 [details]
Junit test case
Created attachment 604019 [details]
patch proposal
Simple patch proposal.
When parsing connectionURL detects no credentials, don't raise exception but set username and password to some dummy-like values.
As C++ qpid broker deals with anonymous users as "anonymous@QPID" (QPID is realm), username set to "anonymous".
Created attachment 604035 [details]
patch proposal
New version of patch. It again sets username to "anonymous" and password to "" (only when the credentials are missing), but further:
* if sasl_mechs is present and not ANONYMOUS, it raises an exception
* if sasl_mechs is not present, it logs warning that sasl_mechs is being set to ANONYMOUS (as we assume that no credentials means ANONYMOUS mechanism so we have to restrict the client to it)
Created attachment 605194 [details] patch proposal See https://issues.apache.org/jira/browse/QPID-3396?focusedCommentId=13436665&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13436665 for details. Added a fix upstream. http://svn.apache.org/r1453558 http://svn.apache.org/r1453559 How to test with JUnit: 1) install JUnit - either from RPM or download from junit.org or sourceforge.net or so. 2) set CLASSPATH properly, like: export CLASSPATH=/usr/local/src/junit4.10/junit-4.10.jar:$(find "/usr/share/java/" -name '*.jar' | tr '\n' ":") Replace the *junit* part by the filename with absolute path to junit JAR (and optionally replace /usr/share/java by path to your JDK). 3) Compile it as usual: javac -cp "$CLASSPATH\." -sourcepath . CredentialsOptional.java 4) Run the test: java -cp "$CLASSPATH\." org.junit.runner.JUnitCore CredentialsOptional Created attachment 780122 [details]
Zip file containing test program source and test execution script.
The fix is in the common code used by both the new and the old client. Therefore this fix is applicable to the new client as well. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2014-1296.html |