activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "SL (Created) (JIRA)" <>
Subject [jira] [Created] (AMQ-3688) slave fail if client connected to master via SSL in master/slave configuration
Date Mon, 30 Jan 2012 10:27:10 GMT
slave fail if client connected to master via SSL in master/slave configuration

                 Key: AMQ-3688
             Project: ActiveMQ
          Issue Type: Bug
          Components: Broker
    Affects Versions: 5.5.1, 5.5.0
         Environment: A master broker with SSL enabled and client certificate authentication.
A slave broker with a master connector using a TCP transport with username and password set.
On each broker, JaasDualAuthenticationPlugin enabled.
On each broker an authorizationMap restraining access to queues to specified groups.
            Reporter: SL

0/ the master/slave configuration is started, the slave have started its master connector
using its credential (username/pasword) and a MasterBroker instance have been created on the
1/ a client creates a new connection on the master broker with ssl and its client certificate.
the ConnectionInfo is propagated through the BrokerFilter stack with addConnection().
2/ the MasterBroker sends the ConnectionInfo to the slave via sendAsyncToSlave(Command command)
; the ConnectionInfo have userName=null and password=null but appropriate transportContext
information that allowed it to pass though JaasCertificateAuthenticationBroker is set.
3/ The slave broker receive the ConnectionInfo command, does not have the initial SSL transportContext,
channel it as no SSL to JaasAuthenticationBroker, which choke on the null userName ( ->
NPE in login() -> Login failed exception )
4/ Each message inserted on the master by the ssl client triggers an exception (Slave Failed)
for the the unreferenced connection id on the slave side. 

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message