qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Amy Wu <...@adaptiveapps.com>
Subject RE: Clearing userId field on JMS message
Date Thu, 19 Jun 2014 16:49:11 GMT
Yes, I'm using a valid user because the JMS client is able to send messages to other C++ clients
authenticated using the same user.  it just can't send to the one using a different user.
 I tried removing EXTERNAL from my list of sasl mechs and only using PLAIN, and I was still
seeing the same error.

I'm using qpid 0.28
My acl contains:
acl allow all all

My JMS client broker url looks something like this:

My C++ client broker url uses something similar except user2

My qpid broker conf:

My qpid sasl conf:
pwcheck_method: auxprop
auxprop_plugin: sasldb
sasldb_path: /tmp/qpidd_sasl/qpidd.sasldb
mech_list: PLAIN
sql_select: dummy select

My sasldb looks like this:
$ sasldblistusers2 -f /tmp/qpidd_sasl/qpidd.sasldb 
user1@QPID: userPassword
user2@QPID: userPassword
user3@QPID: userPassword

Does any of this look incorrect?

From: Jakub Scholz [jakub@scholz.cz]
Sent: Thursday, June 19, 2014 9:10 AM
To: users@qpid.apache.org
Subject: Re: Clearing userId field on JMS message


Are you sure you get this error when receiving a message in the C++ client?
I saw this error in the past when sending messages from the JMS client when
the client set the UserID to a wrong user. It was caused by a bug when
creating the username from certificate subject (with EXTERNAL

We are using the broker to send messages between different users (both C++
as well as JMS) and it works fine. But of course there might be some bug in
the particular version of the broker you are using.


On Thu, Jun 19, 2014 at 12:40 AM, Amy Wu <Amy@adaptiveapps.com> wrote:

> Hi,
> I am using Qpid JMS to send messages to a C++ broker which will then be
> received by a C++ client.  My JMS client connects to the broker using a
> different authenticated user than the C++ client.  The issue I am running
> into is that when the JMS client sends a message, it sets the user_id
> property on the message so that when the C++ client receives the message,
> it errors out with something like:
> "unauthorized-access: authorised user id : user1@QPID but user id in
> message declared as user2
> (/builddir/build/BUILD/qpid-0.28-rc2/cpp/src/qpid/broker/SemanticState.cpp:497"
> Without having to force both my clients to authenticate using the same
> username, is there any way to work around this issue?
> The easiest solution seems to be to have my JMS client set the user_id
> property of the message to be empty string, but I can't seem to find a way
> to do this.  I see in
> org.apache.qpid.client.BasicMessageProducer_0_10.sendMessage there is the
> following line:
> messageProps.setUserId(userIDBytes);
> And tracing back, it looks like the userIDBytes is basically grabbed from
> the producer's connection username.
> But is there any way to prevent the setting of the user id from happening?
>  I know that when I send a message from the C++ client, the userId property
> of the message is empty by default.  Why is the JMS side different?
> Or an alternative is, is there a way to ignore the user_id field when
> receiving messages?
> Thanks

To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org

View raw message