qpid-dev mailing list archives

From "Alan Conway (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (PROTON-1589) How can I handle invalid SASL PLAIN credentials error when reconnect is on?
Date Tue, 19 Sep 2017 15:54:02 GMT

    [ https://issues.apache.org/jira/browse/PROTON-1589?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16171935#comment-16171935 ]

Alan Conway commented on PROTON-1589:
-------------------------------------

For reconnect we really need to identify authentication failure exceptions and treat them
differently from other failures and *not* attempt to reconnect. That might mean some refactoring
of our exception hierarchy so such exceptions can be clearly marked.

> How can I handle invalid SASL PLAIN credentials error when reconnect is on?
> ---------------------------------------------------------------------------
>
>                 Key: PROTON-1589
>                 URL: https://issues.apache.org/jira/browse/PROTON-1589
>             Project: Qpid Proton
>          Issue Type: Bug
>          Components: cpp-binding
>    Affects Versions: proton-c-0.18.0
>            Reporter: Jiri Danek
>            Assignee: Cliff Jansen
>
> Apply the following patch to the simple_send.cpp example
> {code}
> diff --git a/examples/cpp/simple_send.cpp b/examples/cpp/simple_send.cpp
> index a4c2272d..053da34f 100644
> --- a/examples/cpp/simple_send.cpp
> +++ b/examples/cpp/simple_send.cpp
> @@ -27,6 +27,7 @@
>  #include <proton/message.hpp>
>  #include <proton/message_id.hpp>
>  #include <proton/messaging_handler.hpp>
> +#include <proton/reconnect_options.hpp>
>  #include <proton/tracker.hpp>
>  #include <proton/types.hpp>
>  
> @@ -53,6 +54,12 @@ class simple_send : public proton::messaging_handler {
>          proton::connection_options co;
>          if (!user.empty()) co.user(user);
>          if (!password.empty()) co.password(password);
> +        co.sasl_enabled(true);
> +        co.sasl_allow_insecure_mechs(true);
> +        std::string sasl_mechanisms("PLAIN");
> +        co.sasl_allowed_mechs(sasl_mechanisms);
> +        proton::reconnect_options ro;
> +        co.reconnect(ro);
>          sender = c.open_sender(url, co);
>      }
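Review bot: `co.sasl_allow_insecure_mechs(true)` with `co.sasl_allowed_mechs("PLAIN")` is set unconditionally in this hunk, so against an `amqp://` URL (as in the reproduction command) the user name and password go over the wire unencrypted; the `initial-response=b"\x00nosuch\x00user"` frame in the trace is exactly that. Consider enabling insecure mechanisms only behind an explicit command-line option, or only when the URL scheme is TLS. Separately, `proton::reconnect_options ro;` is passed to `co.reconnect(ro)` with no limit configured, so rejected credentials are resent on every retry; a bound such as `ro.max_attempts(...)` would at least cap the number of failed logins the broker sees until authentication failures are treated as non-retriable.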
> {code}
> Now attempt to connect to an AMQP broker, for example an ActiveMQ Artemis instance, which was
> created with {{--require-login}}. The client gets stuck if you use invalid credentials.
> {noformat}
> PN_TRACE_FRM=1 examples/cpp/simple_send -a amqp://127.0.0.1:5672 -u nosuch -p user
> [0xed9980]:  -> SASL
> [0xed9980]:  <- SASL
> [0xed9980]:0 <- @sasl-mechanisms(64) [sasl-server-mechanisms=@PN_SYMBOL[:PLAIN, :ANONYMOUS]]
> [0xed9980]:0 -> @sasl-init(65) [mechanism=:PLAIN, initial-response=b"\x00nosuch\x00user"]
> [0xed9980]:0 <- @sasl-outcome(68) [code=1]
> [0xed9980]:  -> EOS
> [0xee7290]:  -> SASL
> [0xee7290]:  <- SASL
> [0xee7290]:0 <- @sasl-mechanisms(64) [sasl-server-mechanisms=@PN_SYMBOL[:PLAIN, :ANONYMOUS]]
> [0xee7290]:0 -> @sasl-init(65) [mechanism=:PLAIN, initial-response=b"\x00nosuch\x00user"]
> [0xee7290]:0 <- @sasl-outcome(68) [code=1]
> [0xee7290]:  -> EOS
> [0xeee6b0]:  -> SASL
> [0xeee6b0]:  <- SASL
> [0xeee6b0]:0 <- @sasl-mechanisms(64) [sasl-server-mechanisms=@PN_SYMBOL[:PLAIN, :ANONYMOUS]]
> [0xeee6b0]:0 -> @sasl-init(65) [mechanism=:PLAIN, initial-response=b"\x00nosuch\x00user"]
> [0xeee6b0]:0 <- @sasl-outcome(68) [code=1]
> [0xeee6b0]:  -> EOS
> {noformat}
> As you can see, the client keeps reconnecting. The previous behavior, if I recall correctly,
> was to execute the error handler in this case. To be exact, it would run the {{on_transport_error}}
> handler.
> I think that it is reasonable for the client to stop reconnecting and run this handler
> if the reason for the failed connection is wrong credentials. This condition is unlikely to resolve
> itself on multiple retries.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org
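
A sketch of the approach suggested in the comment above, added here as an illustration and not taken from Proton or from the message: failures that retrying cannot fix get their own exception base, and the reconnect loop stops on them. The class names, `check_sasl_outcome` and `connect_with_reconnect` are hypothetical; the outcome codes are the AMQP 1.0 `sasl-outcome` values (0 ok, 1 auth, 2 sys, 3 sys-perm, 4 sys-temp), and treating code 2 as retryable is an assumption of this example.

```cpp
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical hierarchy (not Proton's): permanent failures are clearly marked.
struct connect_error : std::runtime_error { using std::runtime_error::runtime_error; };
struct permanent_error : connect_error { using connect_error::connect_error; };
struct authentication_error : permanent_error { using permanent_error::permanent_error; };

// Map an AMQP 1.0 sasl-outcome code to success or an exception.
void check_sasl_outcome(int code) {
    switch (code) {
      case 0: return;                                               // ok
      case 1: throw authentication_error("auth: credentials rejected");
      case 3: throw permanent_error("sys-perm: needs intervention");
      default: throw connect_error("sys/sys-temp: may clear up");   // assumption: retry
    }
}

struct result { bool connected; int attempts; std::string error; };

// 'outcomes' stands in for the broker: one constructed sasl-outcome per attempt.
result connect_with_reconnect(const std::vector<int>& outcomes, int max_attempts) {
    result r{false, 0, ""};
    for (int code : outcomes) {
        if (r.attempts == max_attempts) break;   // bounded even for transient errors
        ++r.attempts;
        try {
            check_sasl_outcome(code);
            r.connected = true;
            r.error.clear();
            return r;
        } catch (const permanent_error& e) {     // includes authentication_error
            r.error = e.what();
            return r;                            // do not reconnect; report to handler
        } catch (const connect_error& e) {
            r.error = e.what();                  // transient: try again (backoff omitted)
        }
    }
    return r;
}

int main() {
    // Constructed input mirroring the trace: the broker answers code=1 every time.
    result r = connect_with_reconnect({1, 1, 1}, 5);
    std::cout << "attempts=" << r.attempts << " error=" << r.error << "\n";
    return 0;
}
```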

