activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From PieterN <service...@internethoofdkantoor.nl>
Subject Re: Getting Stomp support to a usable state...
Date Mon, 11 Jun 2007 13:17:43 GMT


Tom Samplonius-2 wrote:
> 
>   Actually, it appears that the username and password are ignored.  I
> fought with JAAS for about four hours before decided to try to read the
> code, and the comments say that the password is ignored.  There appears to
> be no way to get a config that doesn't 
> check the password.  From ProtocolConvertor.java:
> 
>         // allow anyone to login for now
>         String login = (String)headers.get(Stomp.Headers.Connect.LOGIN);
>         String passcode =
> (String)headers.get(Stomp.Headers.Connect.PASSCODE);
>         String clientId =
> (String)headers.get(Stomp.Headers.Connect.CLIENT_ID);
> 
> There is no indication there is any attempt to validate the username and
> password via any sort of auth plugin.  I assume based on the "for now"
> comment, that someone is working on this.
> 
The authentication is done elsewhere, not in the Stomp protocol code. A
security exception is cast when this fails (this is shown in the log if
debugging is enabled). However, this exception isn't dealt with properly:
the stomp code just continues and the connection stays open. A quick and
dirty patch is below. A better way to handle is to send a Stomp ERROR frame,
and then disconnect. Unfortunately I don't have any time to fix a proper
patch.

Regards,

Pieter

Patch:
---
../../../activemq-snapshot/src/activemq-core/src/main/java/org/apache/activemq/transport/stomp/ProtocolConverter.java
     
2007-05-11 02:02:04.000000000 +0200
+++
activemq-core/src/main/java/org/apache/activemq/transport/stomp/ProtocolConverter.java   
 
2007-05-22 12:41:32.000000000 +0200
@@ -36,6 +36,7 @@
 import org.apache.activemq.command.ConnectionInfo;
 import org.apache.activemq.command.ConsumerId;
 import org.apache.activemq.command.ConsumerInfo;
+import org.apache.activemq.command.ExceptionResponse;
 import org.apache.activemq.command.LocalTransactionId;
 import org.apache.activemq.command.MessageAck;
 import org.apache.activemq.command.MessageDispatch;
@@ -413,7 +414,18 @@
         connectionInfo.setPassword(passcode);

                sendToActiveMQ(connectionInfo, new ResponseHandler(){
-                       public void onResponse(ProtocolConverter converter,
Response response) throws IOException {
+                       public void onResponse(ProtocolConverter converter,
Response response) throws IOException, ProtocolException {
+
+                               /* PN: if the response is an exception,
propagate the exception to send an ERROR frame */
+                               if (response.isException()) {
+                                       ExceptionResponse exception =
(ExceptionResponse) response;
+                                       // apparently, other (non-fatal)
exceptions are generated as well (see debug log)
+                                       if (exception.getException()
instanceof SecurityException) {
+                                               // FIXME: should set up
connection, send an ERROR frame, and disconnect
+                                               // this disconnects
immediately
+                                               throw new
ProtocolException(exception.getException().getMessage());
+                                       }
+                               }

                    final SessionInfo sessionInfo = new
SessionInfo(sessionId);
                    sendToActiveMQ(sessionInfo,null);


-- 
View this message in context: http://www.nabble.com/Getting-Stomp-support-to-a-usable-state...-tf3858629s2354.html#a11060452
Sent from the ActiveMQ - User mailing list archive at Nabble.com.


Mime
View raw message