activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Timothy Bish (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMQ-3625) NullPointer Exceptions when networked broker sends certificate with an invalid user name
Date Tue, 20 Dec 2011 14:03:31 GMT

    [ https://issues.apache.org/jira/browse/AMQ-3625?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13173204#comment-13173204
] 

Timothy Bish commented on AMQ-3625:
-----------------------------------

The patch doesn't address the real issue here which is that the TransportConnection is continuing
to process incoming commands from the its Transport after the detection of a Security violation
from the Connection request.  It seems that the safer thing to do here would be to block processing
of any additional incoming commands and terminate the connection after sending back a ConnectionError
command to the connecting client.
                
> NullPointer Exceptions when networked broker sends certificate with an invalid user name
> ----------------------------------------------------------------------------------------
>
>                 Key: AMQ-3625
>                 URL: https://issues.apache.org/jira/browse/AMQ-3625
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 5.5.1
>            Reporter: Stan Lewis
>            Priority: Minor
>         Attachments: 0001-Avoid-NPE.patch
>
>
> Couple NPEs pop out when a connecting one broker to another using authentication if the
authentication fails:
> WARN | Failed to add Connection ID:Susan-Javureks-MacBook-Pro-3.local-53150-1322608354523-5:1,
reason: java.lang.SecurityException: User name [null] or password is invalid. No user for
client certificate: CN=Dave Stanley, OU=FuseSource, O=Progress, L=Unknown, ST=MA, C=US
> WARN | Async error occurred: java.lang.SecurityException: User name [null] or password
is invalid. No user for client certificate: CN=Dave Stanley, OU=FuseSource, O=Progress, L=Unknown,
ST=MA, C=US
> java.lang.SecurityException: User name [null] or password is invalid. No user for client
certificate: CN=Dave Stanley, OU=FuseSource, O=Progress, L=Unknown, ST=MA, C=US
> at org.apache.activemq.security.JaasCertificateAuthenticationBroker.addConnection(JaasCertificateAuthenticationBroker.java:102)
> at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:85)
> at org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:91)
> at org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:707)
> at org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:77)
> at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:139)
> at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:318)
> at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:181)
> at org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:69)
> at org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:113)
> at org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:227)
> at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)
> at org.apache.activemq.transport.tcp.SslTransport.doConsume(SslTransport.java:91)
> at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:223)
> at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:205)
> at java.lang.Thread.run(Thread.java:680)
> Caused by: javax.security.auth.login.FailedLoginException: No user for client certificate:
CN=Dave Stanley, OU=FuseSource, O=Progress, L=Unknown, ST=MA, C=US
> at org.apache.activemq.jaas.CertificateLoginModule.login(CertificateLoginModule.java:93)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
> at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
> at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
> at org.apache.activemq.security.JaasCertificateAuthenticationBroker.addConnection(JaasCertificateAuthenticationBroker.java:87)
> ... 15 more
> {color:red}WARN | Async error occurred: java.lang.NullPointerException
> java.lang.NullPointerException{color}
> at org.apache.activemq.broker.TransportConnection.processAddProducer(TransportConnection.java:512)
> at org.apache.activemq.command.ProducerInfo.visit(ProducerInfo.java:105)
> at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:318)
> at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:181)
> at org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:69)
> at org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:113)
> at org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:227)
> at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)
> at org.apache.activemq.transport.tcp.SslTransport.doConsume(SslTransport.java:91)
> at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:223)
> at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:205)
> at java.lang.Thread.run(Thread.java:680)
> WARN | {color:red}Async error occurred: java.lang.NullPointerException
> java.lang.NullPointerException{color}
> at org.apache.activemq.broker.TransportConnection.processAddConsumer(TransportConnection.java:551)
> at org.apache.activemq.command.ConsumerInfo.visit(ConsumerInfo.java:349)
> at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:318)
> at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:181)
> at org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:69)
> at org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:113)
> at org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:227)
> at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)
> at org.apache.activemq.transport.tcp.SslTransport.doConsume(SslTransport.java:91)
> at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:223)
> at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:205)
> at java.lang.Thread.run(Thread.java:680)
> In this case the actual problem is the certificate doesn't match the configured password,
but the two NPEs after this exception don't look good.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message