[ https://issues.apache.org/jira/browse/QPIDJMS-65?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14568969#comment-14568969 ]
Robbie Gemmell commented on QPIDJMS-65: --------------------------------------- Agreed. Being able to configure which mechanism(s) the client should elect to utilise is also something else that has been in mind (e.g it is mentioned on QPIDJMS-61, though needs its own JIRA really) > CRAM-MD5 SASL mechanism throws NullPointerException when no username or > password is specified > --------------------------------------------------------------------------------------------- > > Key: QPIDJMS-65 > URL: https://issues.apache.org/jira/browse/QPIDJMS-65 > Project: Qpid JMS > Issue Type: Bug > Affects Versions: 0.2.0 > Reporter: Jakub Scholz > Priority: Minor > Attachments: QPIDJMS-65.patch > > > When the CRAM-MD5 SASL mechanism is used and no jms.username or jms.password > parameter was specified in connection URI, a NullPointerExpception will be > thrown, for example: > {code}TRACE org.apache.qpid.jms.transports.netty.NettyTcpTransport - > Attempted write of: 8 bytes > TRACE org.apache.qpid.jms.transports.netty.NettyTcpTransport - New data read: > 68 bytes incoming: UnpooledHeapByteBuf(ridx: 0, widx: 68, cap: 65536) > TRACE org.apache.qpid.jms.provider.amqp.AmqpProvider - Received from Broker > 68 bytes: UnpooledHeapByteBuf(ridx: 0, widx: 68, cap: 65536) > TRACE org.apache.qpid.jms.provider.amqp.AmqpProvider - New Proton Event: > CONNECTION_INIT > TRACE org.apache.qpid.jms.provider.amqp.AmqpProvider - New Proton Event: > SESSION_INIT > TRACE org.apache.qpid.jms.provider.amqp.AmqpProvider - New Proton Event: > CONNECTION_LOCAL_OPEN > DEBUG org.apache.qpid.jms.sasl.SaslMechanismFinder - Unknown SASL mechanism: > [DIGEST-MD5] > INFO org.apache.qpid.jms.sasl.SaslMechanismFinder - Best match for SASL auth > was: SASL-CRAM-MD5 > TRACE org.apache.qpid.jms.transports.netty.NettyTcpTransport - Attempted > write of: 24 bytes > TRACE org.apache.qpid.jms.transports.netty.NettyTcpTransport - New data read: > 55 bytes incoming: UnpooledHeapByteBuf(ridx: 0, widx: 55, cap: 65536) > TRACE org.apache.qpid.jms.provider.amqp.AmqpProvider - Received from Broker > 55 bytes: UnpooledHeapByteBuf(ridx: 0, widx: 55, cap: 65536) > WARN org.apache.qpid.jms.provider.amqp.AmqpProvider - Caught Exception during > update processing: null > java.lang.NullPointerException > at > org.apache.qpid.jms.sasl.CramMD5Mechanism.getChallengeResponse(CramMD5Mechanism.java:57) > at > org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.handleSaslStep(AmqpSaslAuthenticator.java:111) > at > org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.authenticate(AmqpSaslAuthenticator.java:63) > at > org.apache.qpid.jms.provider.amqp.AmqpConnection.processSaslAuthentication(AmqpConnection.java:155) > at > org.apache.qpid.jms.provider.amqp.AmqpProvider.processUpdates(AmqpProvider.java:777) > at > org.apache.qpid.jms.provider.amqp.AmqpProvider.access$1500(AmqpProvider.java:87) > at > org.apache.qpid.jms.provider.amqp.AmqpProvider$16.run(AmqpProvider.java:667) > at > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) > at java.util.concurrent.FutureTask.run(FutureTask.java:262) > at > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:178) > at > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:292) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) > at java.lang.Thread.run(Thread.java:745) > javax.jms.JMSException: java.lang.NullPointerException > Exception occurred and was caught by onException > at > org.apache.qpid.jms.exceptions.JmsExceptionSupport.create(JmsExceptionSupport.java:60) > at > org.apache.qpid.jms.JmsConnection.onAsyncException(JmsConnection.java:1169) > at > org.apache.qpid.jms.JmsConnection.onConnectionFailure(JmsConnection.java:1085) > at > org.apache.qpid.jms.provider.amqp.AmqpProvider.fireProviderException(AmqpProvider.java:832) > at > org.apache.qpid.jms.provider.amqp.AmqpProvider.processUpdates(AmqpProvider.java:781) > at > org.apache.qpid.jms.provider.amqp.AmqpProvider.access$1500(AmqpProvider.java:87) > at > org.apache.qpid.jms.provider.amqp.AmqpProvider$16.run(AmqpProvider.java:667) > at > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) > at java.util.concurrent.FutureTask.run(FutureTask.java:262) > at > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:178) > at > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:292) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) > at java.lang.Thread.run(Thread.java:745) > Caused by: java.io.IOException: java.lang.NullPointerException > at > org.apache.qpid.jms.util.IOExceptionSupport.create(IOExceptionSupport.java:45) > ... 11 more > Caused by: java.lang.NullPointerException > at > org.apache.qpid.jms.sasl.CramMD5Mechanism.getChallengeResponse(CramMD5Mechanism.java:57) > at > org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.handleSaslStep(AmqpSaslAuthenticator.java:111) > at > org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.authenticate(AmqpSaslAuthenticator.java:63) > at > org.apache.qpid.jms.provider.amqp.AmqpConnection.processSaslAuthentication(AmqpConnection.java:155) > at > org.apache.qpid.jms.provider.amqp.AmqpProvider.processUpdates(AmqpProvider.java:777) > ... 9 more{code} > The PLAIN mechanism actually validates username and password and replaces it > with empty string in case they are null. However, setting the password to > empty string causes another exception in SecretKeySpec. So the password has > to be set for example to space to make it work. > Is missing username or password (or set to empty string) actually a valid > scenario? For example I don't think it can be configured on the Qpid C++ > broker. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org