Bug 828442 – When sending a message, Java client gets unauthorized-access error due to using "ILADDRESS=<emailaddr>" as the user-id

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 828442 - When sending a message, Java client gets unauthorized-access error due to using "ILADDRESS=<emailaddr>" as the user-id

Summary:	When sending a message, Java client gets unauthorized-access error due to usi...

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise MRG
Classification:	Red Hat
Component:	qpid-java (Show other bugs)
Sub Component:
Version:	2.1
Hardware:	Unspecified Unspecified

Priority	medium Severity medium
Target Milestone:	3.0
Target Release:	---
Assigned To:	Rajith Attapattu
QA Contact:	Ernie
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:	785156
	Show dependency tree / graph

Reported:	2012-06-04 14:13 EDT by Mike Cressman
Modified:	2014-09-24 11:04 EDT (History)
CC List:	5 users (show)

See Also:
Fixed In Version:	qpid-java-0.22-3.el6, qpid-java-0.22-2.el5
Doc Type:	Bug Fix
Doc Text:	The Java client code was excepting the Certificate Name (CN) to be the first entry in the name string. If the CN was not the first entry, the extracted value was not the correct user-id, which could have resulted in issues when message authentication was used. The fix now ensures the parsing logic finds the CN string first before extracting the user-id, which results in the correct user-id not being extracted from the name string.
Story Points:	---
Clone Of:
Environment:
Last Closed:	2014-09-24 11:04:28 EDT
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Apache JIRA	QPID-4849	None	None	None	Never
Red Hat Knowledge Base (Solution)	134473	None	None	None	Never
Red Hat Product Errata	RHEA-2014:1296	normal	SHIPPED_LIVE	Red Hat Enterprise MRG Messaging 3.0 Release	2014-09-24 15:00:06 EDT

Groups: None (edit)

Description Mike Cressman 2012-06-04 14:13:13 EDT

Description of problem:
When the certificate subject contains a certificate name as well as an email address, the email address is used as the user-id name in the message (message properties).  If the email address does not match the valid qpid user id, the message fails to send and an error is received.


Version-Release number of selected component (if applicable):
qpid-java-0.14-3.el6

How reproducible:
100%

Steps to Reproduce:
See comment below
  
Actual results:
Client receives an authorization error:
2012-05-17 12:54:40 error Execution exception: unauthorized-access: authorised user id : <valid-user@QPID> but user id in message declared as <ILADDRESS=email-addr> (qpid/broker/SemanticState.cpp:475)


Expected results:
Message is able to be sent.

Additional info:
Works fine with python and C++.

Comment 4 Justin Ross 2013-02-22 08:01:45 EST

Rajith, please assess.

Comment 5 Rajith Attapattu 2013-05-15 11:20:04 EDT

This issue is tracked in upstream via https://issues.apache.org/jira/browse/QPID-4849

Comment 6 Rajith Attapattu 2013-05-15 17:02:04 EDT

A fix has been committed upstream http://svn.apache.org/r1483079

Comment 9 Ernie 2013-08-16 14:51:03 EDT

Verified rhel 6.4 x86_64 and i686

x86_64
java-1.7.0-openjdk-1.7.0.25-2.3.10.4.el6_4.x86_64
java-1.7.0-openjdk-devel-1.7.0.25-2.3.10.4.el6_4.x86_64
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.4.1.el6_3.noarch
java_cup-0.10k-5.el6.x86_64
perl-qpid-0.22-5.el6.x86_64
python-qpid-0.22-4.el6.noarch
python-qpid-qmf-0.22-7.el6.x86_64
qpid-cpp-client-0.22-8.el6.x86_64
qpid-cpp-client-devel-0.22-8.el6.x86_64
qpid-cpp-client-devel-docs-0.22-8.el6.noarch
qpid-cpp-client-rdma-0.22-8.el6.x86_64
qpid-cpp-client-ssl-0.22-8.el6.x86_64
qpid-cpp-debuginfo-0.22-8.el6.x86_64
qpid-cpp-server-0.22-8.el6.x86_64
qpid-cpp-server-devel-0.22-8.el6.x86_64
qpid-cpp-server-ha-0.22-8.el6.x86_64
qpid-cpp-server-rdma-0.22-8.el6.x86_64
qpid-cpp-server-ssl-0.22-8.el6.x86_64
qpid-cpp-server-store-0.22-8.el6.x86_64
qpid-cpp-server-xml-0.22-8.el6.x86_64
qpid-cpp-tar-0.22-8.el6.noarch
qpid-java-client-0.22-5.el6.noarch
qpid-java-common-0.22-5.el6.noarch
qpid-java-example-0.22-5.el6.noarch
qpid-proton-c-0.4-2.2.el6.x86_64
qpid-proton-c-devel-0.4-2.2.el6.x86_64
qpid-proton-debuginfo-0.4-2.2.el6.x86_64
qpid-qmf-0.22-7.el6.x86_64
qpid-qmf-debuginfo-0.22-7.el6.x86_64
qpid-qmf-devel-0.22-7.el6.x86_64
qpid-snmpd-1.0.0-12.el6.x86_64
qpid-snmpd-debuginfo-1.0.0-12.el6.x86_64
qpid-tests-0.22-4.el6.noarch
qpid-tools-0.22-3.el6.noarch
rh-qpid-cpp-tests-0.22-8.el6.x86_64
ruby-qpid-0.7.946106-2.el6.x86_64
tzdata-java-2013c-2.el6.noarch

i686
java-1.7.0-openjdk-1.7.0.25-2.3.10.4.el6_4.i686
java-1.7.0-openjdk-devel-1.7.0.25-2.3.10.4.el6_4.i686
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.4.1.el6_3.noarch
java_cup-0.10k-5.el6.i686
perl-qpid-0.22-5.el6.i686
python-qpid-0.22-4.el6.noarch
python-qpid-qmf-0.22-7.el6.i686
qpid-cpp-client-0.22-8.el6.i686
qpid-cpp-client-devel-0.22-8.el6.i686
qpid-cpp-client-devel-docs-0.22-8.el6.noarch
qpid-cpp-client-rdma-0.22-8.el6.i686
qpid-cpp-client-ssl-0.22-8.el6.i686
qpid-cpp-debuginfo-0.22-8.el6.i686
qpid-cpp-server-0.22-8.el6.i686
qpid-cpp-server-devel-0.22-8.el6.i686
qpid-cpp-server-ha-0.22-8.el6.i686
qpid-cpp-server-rdma-0.22-8.el6.i686
qpid-cpp-server-ssl-0.22-8.el6.i686
qpid-cpp-server-store-0.22-8.el6.i686
qpid-cpp-server-xml-0.22-8.el6.i686
qpid-cpp-tar-0.22-8.el6.noarch
qpid-java-client-0.22-5.el6.noarch
qpid-java-common-0.22-5.el6.noarch
qpid-java-example-0.22-5.el6.noarch
qpid-proton-c-0.4-2.2.el6.i686
qpid-proton-c-devel-0.4-2.2.el6.i686
qpid-proton-debuginfo-0.4-2.2.el6.i686
qpid-qmf-0.22-7.el6.i686
qpid-qmf-debuginfo-0.22-7.el6.i686
qpid-qmf-devel-0.22-7.el6.i686
qpid-snmpd-1.0.0-12.el6.i686
qpid-snmpd-debuginfo-1.0.0-12.el6.i686
qpid-tests-0.22-4.el6.noarch
qpid-tools-0.22-3.el6.noarch
rh-qpid-cpp-tests-0.22-8.el6.i686
ruby-qpid-qmf-0.22-7.el6.i686
tzdata-java-2013c-2.el6.noarch



reproduced on 6.4 i686
java-1.7.0-openjdk-1.7.0.9-2.3.4.1.el6_3.i686
java-1.7.0-openjdk-devel-1.7.0.9-2.3.4.1.el6_3.i686
java_cup-0.10k-5.el6.i686
python-qpid-0.14-11.el6_3.noarch
python-qpid-qmf-0.14-14.el6_3.i686
qpid-cpp-client-0.14-22.el6_3.i686
qpid-cpp-client-ssl-0.14-22.el6_3.i686
qpid-cpp-server-0.14-22.el6_3.i686
qpid-cpp-server-ssl-0.14-22.el6_3.i686
qpid-java-client-0.14-3.el6.noarch
qpid-java-common-0.14-3.el6.noarch
qpid-java-example-0.14-3.el6.noarch
qpid-qmf-0.14-14.el6_3.i686
ruby-qpid-qmf-0.14-14.el6_3.i686
tzdata-java-2012j-1.el6.noarch

Comment 12 errata-xmlrpc 2014-09-24 11:04:28 EDT

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2014-1296.html

Note You need to log in before you can comment on or make changes to this bug.