[jira] [Commented] (QPIDJMS-65) CRAM-MD5 SASL mechanism throws NullPointerException when no username or password is specified

Robbie Gemmell (JIRA) Tue, 02 Jun 2015 04:28:10 -0700

    [ 
https://issues.apache.org/jira/browse/QPIDJMS-65?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14568969#comment-14568969
 ]


Robbie Gemmell commented on QPIDJMS-65:
---------------------------------------

Agreed. Being able to configure which mechanism(s) the client should elect to 
utilise is also something else that has been in mind (e.g it is mentioned on 
QPIDJMS-61, though needs its own JIRA really)

> CRAM-MD5 SASL mechanism throws NullPointerException when no username or 
> password is specified
> ---------------------------------------------------------------------------------------------
>
>                 Key: QPIDJMS-65
>                 URL: https://issues.apache.org/jira/browse/QPIDJMS-65
>             Project: Qpid JMS
>          Issue Type: Bug
>    Affects Versions: 0.2.0
>            Reporter: Jakub Scholz
>            Priority: Minor
>         Attachments: QPIDJMS-65.patch
>
>
> When the CRAM-MD5 SASL mechanism is used and no jms.username or jms.password 
> parameter was specified in connection URI, a NullPointerExpception will be 
> thrown, for example:
> {code}TRACE org.apache.qpid.jms.transports.netty.NettyTcpTransport - 
> Attempted write of: 8 bytes
> TRACE org.apache.qpid.jms.transports.netty.NettyTcpTransport - New data read: 
> 68 bytes incoming: UnpooledHeapByteBuf(ridx: 0, widx: 68, cap: 65536)
> TRACE org.apache.qpid.jms.provider.amqp.AmqpProvider - Received from Broker 
> 68 bytes: UnpooledHeapByteBuf(ridx: 0, widx: 68, cap: 65536)
> TRACE org.apache.qpid.jms.provider.amqp.AmqpProvider - New Proton Event: 
> CONNECTION_INIT
> TRACE org.apache.qpid.jms.provider.amqp.AmqpProvider - New Proton Event: 
> SESSION_INIT
> TRACE org.apache.qpid.jms.provider.amqp.AmqpProvider - New Proton Event: 
> CONNECTION_LOCAL_OPEN
> DEBUG org.apache.qpid.jms.sasl.SaslMechanismFinder - Unknown SASL mechanism: 
> [DIGEST-MD5]
> INFO org.apache.qpid.jms.sasl.SaslMechanismFinder - Best match for SASL auth 
> was: SASL-CRAM-MD5
> TRACE org.apache.qpid.jms.transports.netty.NettyTcpTransport - Attempted 
> write of: 24 bytes
> TRACE org.apache.qpid.jms.transports.netty.NettyTcpTransport - New data read: 
> 55 bytes incoming: UnpooledHeapByteBuf(ridx: 0, widx: 55, cap: 65536)
> TRACE org.apache.qpid.jms.provider.amqp.AmqpProvider - Received from Broker 
> 55 bytes: UnpooledHeapByteBuf(ridx: 0, widx: 55, cap: 65536)
> WARN org.apache.qpid.jms.provider.amqp.AmqpProvider - Caught Exception during 
> update processing: null
> java.lang.NullPointerException
>       at 
> org.apache.qpid.jms.sasl.CramMD5Mechanism.getChallengeResponse(CramMD5Mechanism.java:57)
>       at 
> org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.handleSaslStep(AmqpSaslAuthenticator.java:111)
>       at 
> org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.authenticate(AmqpSaslAuthenticator.java:63)
>       at 
> org.apache.qpid.jms.provider.amqp.AmqpConnection.processSaslAuthentication(AmqpConnection.java:155)
>       at 
> org.apache.qpid.jms.provider.amqp.AmqpProvider.processUpdates(AmqpProvider.java:777)
>       at 
> org.apache.qpid.jms.provider.amqp.AmqpProvider.access$1500(AmqpProvider.java:87)
>       at 
> org.apache.qpid.jms.provider.amqp.AmqpProvider$16.run(AmqpProvider.java:667)
>       at 
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
>       at java.util.concurrent.FutureTask.run(FutureTask.java:262)
>       at 
> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:178)
>       at 
> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:292)
>       at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>       at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>       at java.lang.Thread.run(Thread.java:745)
> javax.jms.JMSException: java.lang.NullPointerException
> Exception occurred and was caught by onException
>       at 
> org.apache.qpid.jms.exceptions.JmsExceptionSupport.create(JmsExceptionSupport.java:60)
>       at 
> org.apache.qpid.jms.JmsConnection.onAsyncException(JmsConnection.java:1169)
>       at 
> org.apache.qpid.jms.JmsConnection.onConnectionFailure(JmsConnection.java:1085)
>       at 
> org.apache.qpid.jms.provider.amqp.AmqpProvider.fireProviderException(AmqpProvider.java:832)
>       at 
> org.apache.qpid.jms.provider.amqp.AmqpProvider.processUpdates(AmqpProvider.java:781)
>       at 
> org.apache.qpid.jms.provider.amqp.AmqpProvider.access$1500(AmqpProvider.java:87)
>       at 
> org.apache.qpid.jms.provider.amqp.AmqpProvider$16.run(AmqpProvider.java:667)
>       at 
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
>       at java.util.concurrent.FutureTask.run(FutureTask.java:262)
>       at 
> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:178)
>       at 
> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:292)
>       at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>       at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>       at java.lang.Thread.run(Thread.java:745)
> Caused by: java.io.IOException: java.lang.NullPointerException
>       at 
> org.apache.qpid.jms.util.IOExceptionSupport.create(IOExceptionSupport.java:45)
>       ... 11 more
> Caused by: java.lang.NullPointerException
>       at 
> org.apache.qpid.jms.sasl.CramMD5Mechanism.getChallengeResponse(CramMD5Mechanism.java:57)
>       at 
> org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.handleSaslStep(AmqpSaslAuthenticator.java:111)
>       at 
> org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.authenticate(AmqpSaslAuthenticator.java:63)
>       at 
> org.apache.qpid.jms.provider.amqp.AmqpConnection.processSaslAuthentication(AmqpConnection.java:155)
>       at 
> org.apache.qpid.jms.provider.amqp.AmqpProvider.processUpdates(AmqpProvider.java:777)
>       ... 9 more{code}
> The PLAIN mechanism actually validates username and password and replaces it 
> with empty string in case they are null. However, setting the password to 
> empty string causes another exception in SecretKeySpec. So the password has 
> to be set for example to space to make it work.
> Is missing username or password (or set to empty string) actually a valid 
> scenario? For example I don't think it can be configured on the Qpid C++ 
> broker.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org

[jira] [Commented] (QPIDJMS-65) CRAM-MD5 SASL mechanism throws NullPointerException when no username or password is specified

Reply via email to