Jakub Scholz created QPIDJMS-65:
-----------------------------------
Summary: CRAM-MD5 SASL mechanism throws NullPointerException when
no username or password is specified
Key: QPIDJMS-65
URL: https://issues.apache.org/jira/browse/QPIDJMS-65
Project: Qpid JMS
Issue Type: Bug
Affects Versions: 0.2.0
Reporter: Jakub Scholz
Priority: Minor
When the CRAM-MD5 SASL mechanism is used and no jms.username or jms.password
parameter was specified in connection URI, a NullPointerExpception will be
thrown, for example:
{code}TRACE org.apache.qpid.jms.transports.netty.NettyTcpTransport - Attempted
write of: 8 bytes
TRACE org.apache.qpid.jms.transports.netty.NettyTcpTransport - New data read:
68 bytes incoming: UnpooledHeapByteBuf(ridx: 0, widx: 68, cap: 65536)
TRACE org.apache.qpid.jms.provider.amqp.AmqpProvider - Received from Broker 68
bytes: UnpooledHeapByteBuf(ridx: 0, widx: 68, cap: 65536)
TRACE org.apache.qpid.jms.provider.amqp.AmqpProvider - New Proton Event:
CONNECTION_INIT
TRACE org.apache.qpid.jms.provider.amqp.AmqpProvider - New Proton Event:
SESSION_INIT
TRACE org.apache.qpid.jms.provider.amqp.AmqpProvider - New Proton Event:
CONNECTION_LOCAL_OPEN
DEBUG org.apache.qpid.jms.sasl.SaslMechanismFinder - Unknown SASL mechanism:
[DIGEST-MD5]
INFO org.apache.qpid.jms.sasl.SaslMechanismFinder - Best match for SASL auth
was: SASL-CRAM-MD5
TRACE org.apache.qpid.jms.transports.netty.NettyTcpTransport - Attempted write
of: 24 bytes
TRACE org.apache.qpid.jms.transports.netty.NettyTcpTransport - New data read:
55 bytes incoming: UnpooledHeapByteBuf(ridx: 0, widx: 55, cap: 65536)
TRACE org.apache.qpid.jms.provider.amqp.AmqpProvider - Received from Broker 55
bytes: UnpooledHeapByteBuf(ridx: 0, widx: 55, cap: 65536)
WARN org.apache.qpid.jms.provider.amqp.AmqpProvider - Caught Exception during
update processing: null
java.lang.NullPointerException
at
org.apache.qpid.jms.sasl.CramMD5Mechanism.getChallengeResponse(CramMD5Mechanism.java:57)
at
org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.handleSaslStep(AmqpSaslAuthenticator.java:111)
at
org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.authenticate(AmqpSaslAuthenticator.java:63)
at
org.apache.qpid.jms.provider.amqp.AmqpConnection.processSaslAuthentication(AmqpConnection.java:155)
at
org.apache.qpid.jms.provider.amqp.AmqpProvider.processUpdates(AmqpProvider.java:777)
at
org.apache.qpid.jms.provider.amqp.AmqpProvider.access$1500(AmqpProvider.java:87)
at
org.apache.qpid.jms.provider.amqp.AmqpProvider$16.run(AmqpProvider.java:667)
at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:178)
at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:292)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
javax.jms.JMSException: java.lang.NullPointerException
Exception occurred and was caught by onException
at
org.apache.qpid.jms.exceptions.JmsExceptionSupport.create(JmsExceptionSupport.java:60)
at
org.apache.qpid.jms.JmsConnection.onAsyncException(JmsConnection.java:1169)
at
org.apache.qpid.jms.JmsConnection.onConnectionFailure(JmsConnection.java:1085)
at
org.apache.qpid.jms.provider.amqp.AmqpProvider.fireProviderException(AmqpProvider.java:832)
at
org.apache.qpid.jms.provider.amqp.AmqpProvider.processUpdates(AmqpProvider.java:781)
at
org.apache.qpid.jms.provider.amqp.AmqpProvider.access$1500(AmqpProvider.java:87)
at
org.apache.qpid.jms.provider.amqp.AmqpProvider$16.run(AmqpProvider.java:667)
at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:178)
at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:292)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.IOException: java.lang.NullPointerException
at
org.apache.qpid.jms.util.IOExceptionSupport.create(IOExceptionSupport.java:45)
... 11 more
Caused by: java.lang.NullPointerException
at
org.apache.qpid.jms.sasl.CramMD5Mechanism.getChallengeResponse(CramMD5Mechanism.java:57)
at
org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.handleSaslStep(AmqpSaslAuthenticator.java:111)
at
org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.authenticate(AmqpSaslAuthenticator.java:63)
at
org.apache.qpid.jms.provider.amqp.AmqpConnection.processSaslAuthentication(AmqpConnection.java:155)
at
org.apache.qpid.jms.provider.amqp.AmqpProvider.processUpdates(AmqpProvider.java:777)
... 9 more{code}
The PLAIN mechanism actually validates username and password and replaces it
with empty string in case they are null. However, setting the password to empty
string causes another exception in SecretKeySpec. So the password has to be set
for example to space to make it work.
Is missing username or password (or set to empty string) actually a valid
scenario? For example I don't think it can be configured on the Qpid C++ broker.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
