activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From PieterN <>
Subject Re: Getting Stomp support to a usable state...
Date Mon, 11 Jun 2007 13:17:43 GMT

Tom Samplonius-2 wrote:
>   Actually, it appears that the username and password are ignored.  I
> fought with JAAS for about four hours before decided to try to read the
> code, and the comments say that the password is ignored.  There appears to
> be no way to get a config that doesn't 
> check the password.  From
>         // allow anyone to login for now
>         String login = (String)headers.get(Stomp.Headers.Connect.LOGIN);
>         String passcode =
> (String)headers.get(Stomp.Headers.Connect.PASSCODE);
>         String clientId =
> (String)headers.get(Stomp.Headers.Connect.CLIENT_ID);
> There is no indication there is any attempt to validate the username and
> password via any sort of auth plugin.  I assume based on the "for now"
> comment, that someone is working on this.
The authentication is done elsewhere, not in the Stomp protocol code. A
security exception is cast when this fails (this is shown in the log if
debugging is enabled). However, this exception isn't dealt with properly:
the stomp code just continues and the connection stays open. A quick and
dirty patch is below. A better way to handle is to send a Stomp ERROR frame,
and then disconnect. Unfortunately I don't have any time to fix a proper



2007-05-11 02:02:04.000000000 +0200
2007-05-22 12:41:32.000000000 +0200
@@ -36,6 +36,7 @@
 import org.apache.activemq.command.ConnectionInfo;
 import org.apache.activemq.command.ConsumerId;
 import org.apache.activemq.command.ConsumerInfo;
+import org.apache.activemq.command.ExceptionResponse;
 import org.apache.activemq.command.LocalTransactionId;
 import org.apache.activemq.command.MessageAck;
 import org.apache.activemq.command.MessageDispatch;
@@ -413,7 +414,18 @@

                sendToActiveMQ(connectionInfo, new ResponseHandler(){
-                       public void onResponse(ProtocolConverter converter,
Response response) throws IOException {
+                       public void onResponse(ProtocolConverter converter,
Response response) throws IOException, ProtocolException {
+                               /* PN: if the response is an exception,
propagate the exception to send an ERROR frame */
+                               if (response.isException()) {
+                                       ExceptionResponse exception =
(ExceptionResponse) response;
+                                       // apparently, other (non-fatal)
exceptions are generated as well (see debug log)
+                                       if (exception.getException()
instanceof SecurityException) {
+                                               // FIXME: should set up
connection, send an ERROR frame, and disconnect
+                                               // this disconnects
+                                               throw new
+                                       }
+                               }

                    final SessionInfo sessionInfo = new

View this message in context:
Sent from the ActiveMQ - User mailing list archive at

View raw message