Rob Godfrey created QPID-8053: --------------------------------- Summary: [Java Broker] Persistently associate (or otherwise authenticate) container ids with authenticated identity Key: QPID-8053 URL: https://issues.apache.org/jira/browse/QPID-8053 Project: Qpid Issue Type: Bug Components: Broker-J Reporter: Rob Godfrey
In AMQP 1.0 durable links are identified by the combination of local and remote container (and direction). A connection identifying itself with a previously used container id can re-establish durable links, or steal non-durable links that were made on another connection. There is currently no mechanism associating the remote container-id with an identity meaning there is no validation that durable links are re-established (of existing links stolen) by the same actor who originally created them. While a connection has state associated with a container id, the broker should ensure that any other connection attempting to re-use the same container id is using the same identity. This means that the association should be persisted for durable links. It would also make sense to apply the same logic for mechanisms for durable subscriptions in earlier protocols -- This message was sent by Atlassian JIRA (v6.4.14#64029) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org