Bug 828442 - When sending a message, Java client gets unauthorized-access error due to using "ILADDRESS=<emailaddr>" as the user-id
Status: CLOSED ERRATA
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: qpid-java
2.1
Unspecified Unspecified
medium Severity medium
: 3.0
: ---
Assigned To: Rajith Attapattu
Ernie
:
Depends On:
Blocks: 785156
Reported: 2012-06-04 14:13 EDT by Mike Cressman
Modified: 2014-09-24 11:04 EDT (History)
Fixed In Version: qpid-java-0.22-3.el6, qpid-java-0.22-2.el5
Doc Type: Bug Fix
Doc Text:
The Java client code was expecting the Certificate Name (CN) to be the first entry in the name string. If the CN was not the first entry, the extracted value was not the correct user-id, which could have resulted in issues when message authentication was used. The fix now ensures the parsing logic finds the CN string first before extracting the user-id, which results in the correct user-id now being extracted from the name string.
Last Closed: 2014-09-24 11:04:28 EDT
Type: Bug


External Trackers
Tracker ID Priority Status Summary Last Updated
Apache JIRA QPID-4849 None None None Never
Red Hat Knowledge Base (Solution) 134473 None None None Never

Description Mike Cressman 2012-06-04 14:13:13 EDT
Description of problem:
When the certificate subject contains a certificate name as well as an email address, the email address is used as the user-id name in the message (message properties).  If the email address does not match the valid qpid user id, the message fails to send and an error is received.


Version-Release number of selected component (if applicable):
qpid-java-0.14-3.el6

How reproducible:
100%

Steps to Reproduce:
See comment below
  
Actual results:
Client receives an authorization error:
2012-05-17 12:54:40 error Execution exception: unauthorized-access: authorised user id : <valid-user@QPID> but user id in message declared as <ILADDRESS=email-addr> (qpid/broker/SemanticState.cpp:475)


Expected results:
Message is able to be sent.

Additional info:
Works fine with python and C++.

Comment 4 Justin Ross 2013-02-22 08:01:45 EST
Rajith, please assess.

Comment 5 Rajith Attapattu 2013-05-15 11:20:04 EDT
This issue is tracked in upstream via https://issues.apache.org/jira/browse/QPID-4849

Comment 6 Rajith Attapattu 2013-05-15 17:02:04 EDT
A fix has been committed upstream http://svn.apache.org/r1483079
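
The parsing problem summarized in the Doc Text, as an added example that is not the upstream fix or any code from this bug report: a positional extraction that assumes the subject starts with "CN=" next to an attribute-aware one that locates the CN wherever it appears. The class name, method names and subject strings are constructed for illustration, and the positional variant is an assumption chosen because it reproduces the "ILADDRESS=" prefix seen in the broker log.

```java
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class SubjectUserId {

    // Positional extraction (assumed, not the actual qpid-java code): skip the
    // three characters of "CN=" and read up to the first comma.
    static String positionalUserId(String subjectDn) {
        int comma = subjectDn.indexOf(',');
        return subjectDn.substring(3, comma < 0 ? subjectDn.length() : comma);
    }

    // Attribute-aware extraction: parse the DN into RDNs and return the CN
    // value wherever it sits, including inside a multi-valued RDN such as
    // "CN=a+OU=b". Returns null when the subject carries no CN, so the caller
    // can refuse to set a user-id instead of sending a wrong one.
    static String cnUserId(String subjectDn) throws NamingException {
        for (Rdn rdn : new LdapName(subjectDn).getRdns()) {
            Attribute cn = rdn.toAttributes().get("CN"); // case-insensitive lookup
            if (cn != null && cn.get() instanceof String) {
                return (String) cn.get();
            }
        }
        return null;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed subject strings, not taken from the bug report.
        String[] subjects = {
            "CN=valid-user, O=Example, C=US",
            "EMAILADDRESS=someone@example.com, CN=valid-user, O=Example, C=US",
            "O=Example\\, Inc., CN=valid-user",
            "EMAILADDRESS=someone@example.com, O=Example"
        };
        for (String dn : subjects) {
            System.out.printf("%-68s positional=%-32s parsed=%s%n",
                    dn, positionalUserId(dn), cnUserId(dn));
        }
    }
}
```

For the second subject the positional variant yields `ILADDRESS=someone@example.com`, the same shape as the user id the broker rejected, while the parsed variant yields `valid-user`.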

Comment 9 Ernie 2013-08-16 14:51:03 EDT
Verified rhel 6.4 x86_64 and i686

x86_64
java-1.7.0-openjdk-1.7.0.25-2.3.10.4.el6_4.x86_64
java-1.7.0-openjdk-devel-1.7.0.25-2.3.10.4.el6_4.x86_64
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.4.1.el6_3.noarch
java_cup-0.10k-5.el6.x86_64
perl-qpid-0.22-5.el6.x86_64
python-qpid-0.22-4.el6.noarch
python-qpid-qmf-0.22-7.el6.x86_64
qpid-cpp-client-0.22-8.el6.x86_64
qpid-cpp-client-devel-0.22-8.el6.x86_64
qpid-cpp-client-devel-docs-0.22-8.el6.noarch
qpid-cpp-client-rdma-0.22-8.el6.x86_64
qpid-cpp-client-ssl-0.22-8.el6.x86_64
qpid-cpp-debuginfo-0.22-8.el6.x86_64
qpid-cpp-server-0.22-8.el6.x86_64
qpid-cpp-server-devel-0.22-8.el6.x86_64
qpid-cpp-server-ha-0.22-8.el6.x86_64
qpid-cpp-server-rdma-0.22-8.el6.x86_64
qpid-cpp-server-ssl-0.22-8.el6.x86_64
qpid-cpp-server-store-0.22-8.el6.x86_64
qpid-cpp-server-xml-0.22-8.el6.x86_64
qpid-cpp-tar-0.22-8.el6.noarch
qpid-java-client-0.22-5.el6.noarch
qpid-java-common-0.22-5.el6.noarch
qpid-java-example-0.22-5.el6.noarch
qpid-proton-c-0.4-2.2.el6.x86_64
qpid-proton-c-devel-0.4-2.2.el6.x86_64
qpid-proton-debuginfo-0.4-2.2.el6.x86_64
qpid-qmf-0.22-7.el6.x86_64
qpid-qmf-debuginfo-0.22-7.el6.x86_64
qpid-qmf-devel-0.22-7.el6.x86_64
qpid-snmpd-1.0.0-12.el6.x86_64
qpid-snmpd-debuginfo-1.0.0-12.el6.x86_64
qpid-tests-0.22-4.el6.noarch
qpid-tools-0.22-3.el6.noarch
rh-qpid-cpp-tests-0.22-8.el6.x86_64
ruby-qpid-0.7.946106-2.el6.x86_64
tzdata-java-2013c-2.el6.noarch

i686
java-1.7.0-openjdk-1.7.0.25-2.3.10.4.el6_4.i686
java-1.7.0-openjdk-devel-1.7.0.25-2.3.10.4.el6_4.i686
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.4.1.el6_3.noarch
java_cup-0.10k-5.el6.i686
perl-qpid-0.22-5.el6.i686
python-qpid-0.22-4.el6.noarch
python-qpid-qmf-0.22-7.el6.i686
qpid-cpp-client-0.22-8.el6.i686
qpid-cpp-client-devel-0.22-8.el6.i686
qpid-cpp-client-devel-docs-0.22-8.el6.noarch
qpid-cpp-client-rdma-0.22-8.el6.i686
qpid-cpp-client-ssl-0.22-8.el6.i686
qpid-cpp-debuginfo-0.22-8.el6.i686
qpid-cpp-server-0.22-8.el6.i686
qpid-cpp-server-devel-0.22-8.el6.i686
qpid-cpp-server-ha-0.22-8.el6.i686
qpid-cpp-server-rdma-0.22-8.el6.i686
qpid-cpp-server-ssl-0.22-8.el6.i686
qpid-cpp-server-store-0.22-8.el6.i686
qpid-cpp-server-xml-0.22-8.el6.i686
qpid-cpp-tar-0.22-8.el6.noarch
qpid-java-client-0.22-5.el6.noarch
qpid-java-common-0.22-5.el6.noarch
qpid-java-example-0.22-5.el6.noarch
qpid-proton-c-0.4-2.2.el6.i686
qpid-proton-c-devel-0.4-2.2.el6.i686
qpid-proton-debuginfo-0.4-2.2.el6.i686
qpid-qmf-0.22-7.el6.i686
qpid-qmf-debuginfo-0.22-7.el6.i686
qpid-qmf-devel-0.22-7.el6.i686
qpid-snmpd-1.0.0-12.el6.i686
qpid-snmpd-debuginfo-1.0.0-12.el6.i686
qpid-tests-0.22-4.el6.noarch
qpid-tools-0.22-3.el6.noarch
rh-qpid-cpp-tests-0.22-8.el6.i686
ruby-qpid-qmf-0.22-7.el6.i686
tzdata-java-2013c-2.el6.noarch



reproduced on 6.4 i686
java-1.7.0-openjdk-1.7.0.9-2.3.4.1.el6_3.i686
java-1.7.0-openjdk-devel-1.7.0.9-2.3.4.1.el6_3.i686
java_cup-0.10k-5.el6.i686
python-qpid-0.14-11.el6_3.noarch
python-qpid-qmf-0.14-14.el6_3.i686
qpid-cpp-client-0.14-22.el6_3.i686
qpid-cpp-client-ssl-0.14-22.el6_3.i686
qpid-cpp-server-0.14-22.el6_3.i686
qpid-cpp-server-ssl-0.14-22.el6_3.i686
qpid-java-client-0.14-3.el6.noarch
qpid-java-common-0.14-3.el6.noarch
qpid-java-example-0.14-3.el6.noarch
qpid-qmf-0.14-14.el6_3.i686
ruby-qpid-qmf-0.14-14.el6_3.i686
tzdata-java-2012j-1.el6.noarch

Comment 12 errata-xmlrpc 2014-09-24 11:04:28 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2014-1296.html