Bug 736794 - Qpid JCA Adapter -- Use of guest/guest for authentication info should be eradicated for the JCA adapter
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: qpid-jca
Version: 2.0
Hardware: All
OS: All
high
high
Target Milestone: 2.1.2
Assignee: messaging-bugs
QA Contact: MRG Quality Engineering
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2011-09-08 17:41 UTC by Weston M. Price
Modified: 2016-02-22 00:59 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:
Embargoed:



Description Weston M. Price 2011-09-08 17:41:04 UTC
Use of the guest/guest user-name/password combination should be removed from the JCA adapter as it is no longer favored for default security requirements. In its place, we are using the following connection URL:

amqp://anonymous:@client/test?brokerlist='tcp://localhost:5672?sasl_mechs='ANONYMOUS''

Similarly, the ra.xml file included the properties 'DefaultUserName, DefaultPassword'; these should be renamed to UserName, Password to avoid confusion that we do indeed accept a default user name and password, as this is no longer correct.

Comment 1 Andrew Stitcher 2011-09-08 18:05:39 UTC
User and password are optional fields in the URL, so the replacement can be somewhat simpler:

amqp://client/test?brokerlist='tcp://localhost:5672'?sasl_mechs='ANONYMOUS'

Note that the ' are incorrect in the options in the previous comment.

Comment 2 Andrew Stitcher 2011-09-08 18:10:15 UTC
Sorry, thinking more, I'm not sure whether the sasl_mechs option attaches to the URL as a whole or the specific tcp address, so it might be:

amqp://client/test?brokerlist='tcp://localhost:5672?sasl_mechs=\'ANONYMOUS\''

But I think you would need to escape the ' in the latter case.

Comment 3 Weston M. Price 2011-09-08 18:10:50 UTC
amqp://client/test?brokerlist='tcp://localhost:5672'?sasl_mechs='ANONYMOUS''

Updated URL as per comment above.

Comment 4 Andrew Stitcher 2011-09-22 13:30:55 UTC
This has been fixed in package qpid-java-jca-0.10-10

Comment 5 Jiri Pechanec 2011-11-07 13:52:14 UTC
The configuration
  <mbean code="org.jboss.resource.deployment.AdminObject"
         name="qpid.factory:name=remoteConnectionFactory">
    <attribute name="JNDIName">remoteConnectionFactory</attribute>
    <depends optional-attribute-name="RARName">jboss.jca:service=RARDeployment,name='qpid-ra.rar'</depends>
    <attribute name="Type">javax.jms.ConnectionFactory</attribute>
    <attribute name="Properties">
      connectionURL=amqp://client/test?brokerlist='tcp://mrg01.mw.lab.eng.bos.redhat.com:5672'?sasl_mechs='ANONYMOUS''
    </attribute>
  </mbean>

throws an exception

2011-11-07 14:48:54,297 ERROR [org.jboss.kernel.plugins.dependency.AbstractKernelController:419] (main) Error installing to Start: name=qpid.factory:name=remoteConnectionFactory state=Create mode=Manual requiredState=Installed
javax.naming.NamingException: User information not found on url at index 7: amqp://client/test?brokerlist='tcp://mrg01.mw.lab.eng.bos.redhat.com:5672'?sasl_mechs='ANONYMOUS''
        at org.apache.qpid.ra.admin.QpidConnectionFactoryProxy.getReference(QpidConnectionFactoryProxy.java:119)
        at org.jnp.interfaces.NamingContext.bind(NamingContext.java:632)
        at org.jnp.interfaces.NamingContext.bind(NamingContext.java:611)
        at javax.naming.InitialContext.bind(InitialContext.java:417)
        at org.jboss.util.naming.Util.bind(Util.java:105)
        at org.jboss.util.naming.Util.bind(Util.java:91)
        at org.jboss.resource.deployment.AdminObject.bind(AdminObject.java:162)
        at org.jboss.resource.deployment.AdminObject.startService(AdminObject.java:103)
        at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:376)
        at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:322)

Comment 6 Weston M. Price 2011-11-07 14:11:47 UTC
The connection URL should read:

amqp://anonymous:@client/test?brokerlist='tcp://mrg01.mw.lab.eng.bos.redhat.com:5672'?sasl_mechs='ANONYMOUS''

Note the identity of anonymous.
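
An added example, not part of the bug thread or the Qpid project's code: a small Python audit that scans deployment descriptors for the three things this report deals with, namely guest/guest credentials in a connection URL, a URL with no user information (rejected by the adapter in comment 5), and the legacy DefaultUserName/DefaultPassword property names. The sample configuration is constructed, and the function name and finding labels are illustrative assumptions.

```python
import re

# Leading part of a connection URL as written in this thread:
#   amqp://[user:password@]clientid/virtualhost?options
URL_RE = re.compile(
    r"amqp://(?:(?P<user>[^:@/\s]*):(?P<password>[^@/\s]*)@)?(?P<rest>[^\s<\"]+)")
# Property names the report says were renamed to UserName / Password.
LEGACY_PROPS = re.compile(r"\b(DefaultUserName|DefaultPassword)\b")


def audit_config(text):
    """Return (line_number, finding, detail) tuples; passwords are never echoed."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in URL_RE.finditer(line):
            user, password = m.group("user"), m.group("password")
            if user is None:
                # Comment 5: the adapter rejected a URL with no user information.
                findings.append((lineno, "missing-userinfo", m.group(0)))
            elif (user, password) == ("guest", "guest"):
                findings.append((lineno, "guest-credentials",
                                 "amqp://guest:***@" + m.group("rest")))
        for m in LEGACY_PROPS.finditer(line):
            findings.append((lineno, "legacy-property", m.group(1)))
    return findings


# Constructed sample input (hypothetical descriptor fragments, not from the bug).
SAMPLE = """\
<attribute name="Properties">
  connectionURL=amqp://guest:guest@client/test?brokerlist='tcp://localhost:5672'
</attribute>
<attribute name="Properties">
  connectionURL=amqp://client/test?brokerlist='tcp://localhost:5672'?sasl_mechs='ANONYMOUS''
</attribute>
<attribute name="Properties">
  connectionURL=amqp://anonymous:@client/test?brokerlist='tcp://localhost:5672'?sasl_mechs='ANONYMOUS''
</attribute>
<config-property-name>DefaultUserName</config-property-name>
"""

if __name__ == "__main__":
    for finding in audit_config(SAMPLE):
        print("line %d: %s: %s" % finding)
```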

