[
https://issues.apache.org/jira/browse/QPIDJMS-232?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15742429#comment-15742429
]
Rob Godfrey commented on QPIDJMS-232:
-------------------------------------
{quote}
The client has always done the TCP/SSL connection, then if no ClientID was set
in the URI it awaited a ClientID being set or the connection otherwise used,
e.g session creation etc, to indicate a ClientID wont be set before it did the
SASL/Open. Now the SASL will also be done regardless.
{quote}
Ah - I guess we never tested this with the Qpid Broker for Java waiting more
than a couple of seconds to set the client id... If you open a connection
without authenticating then it suspects a DoS attack :-)
> Perform Authentication when the remote connection is established instead of
> waiting until Connection is used
> ------------------------------------------------------------------------------------------------------------
>
> Key: QPIDJMS-232
> URL: https://issues.apache.org/jira/browse/QPIDJMS-232
> Project: Qpid JMS
> Issue Type: Improvement
> Components: qpid-jms-client
> Affects Versions: 0.11.1
> Reporter: Timothy Bish
> Assignee: Timothy Bish
> Fix For: 0.20.0
>
>
> Instead of waiting until the connection is used to perform authentication we
> should perform the SASL authentication if available when the connection is
> established. This allows the createConnection methods in the
> ConnectionFactory to fail fast instead of waiting until the Connection is
> used (e.g set client ID, start, createSession etc)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
