activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "SL (Created) (JIRA)" <j...@apache.org>
Subject [jira] [Created] (AMQ-3688) slave fail if client connected to master via SSL in master/slave configuration
Date Mon, 30 Jan 2012 10:27:10 GMT
slave fail if client connected to master via SSL in master/slave configuration
------------------------------------------------------------------------------

                 Key: AMQ-3688
                 URL: https://issues.apache.org/jira/browse/AMQ-3688
             Project: ActiveMQ
          Issue Type: Bug
          Components: Broker
    Affects Versions: 5.5.1, 5.5.0
         Environment: A master broker with SSL enabled and client certificate authentication.
A slave broker with a master connector using a TCP transport with username and password set.
On each broker, JaasDualAuthenticationPlugin enabled.
On each broker an authorizationMap restraining access to queues to specified groups.
            Reporter: SL


0/ the master/slave configuration is started, the slave have started its master connector
using its credential (username/pasword) and a MasterBroker instance have been created on the
master.
1/ a client creates a new connection on the master broker with ssl and its client certificate.
the ConnectionInfo is propagated through the BrokerFilter stack with addConnection().
2/ the MasterBroker sends the ConnectionInfo to the slave via sendAsyncToSlave(Command command)
; the ConnectionInfo have userName=null and password=null but appropriate transportContext
information that allowed it to pass though JaasCertificateAuthenticationBroker is set.
3/ The slave broker receive the ConnectionInfo command, does not have the initial SSL transportContext,
channel it as no SSL to JaasAuthenticationBroker, which choke on the null userName ( ->
NPE in login() -> Login failed exception )
4/ Each message inserted on the master by the ssl client triggers an exception (Slave Failed)
for the the unreferenced connection id on the slave side. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message