Rob Godfrey created QPID-8053:
---------------------------------
Summary: [Java Broker] Persistently associate (or otherwise
authenticate) container ids with authenticated identity
Key: QPID-8053
URL: https://issues.apache.org/jira/browse/QPID-8053
Project: Qpid
Issue Type: Bug
Components: Broker-J
Reporter: Rob Godfrey
In AMQP 1.0 durable links are identified by the combination of local and remote
container (and direction). A connection identifying itself with a previously
used container id can re-establish durable links, or steal non-durable links
that were made on another connection.
There is currently no mechanism associating the remote container-id with an
identity meaning there is no validation that durable links are re-established
(of existing links stolen) by the same actor who originally created them.
While a connection has state associated with a container id, the broker should
ensure that any other connection attempting to re-use the same container id is
using the same identity. This means that the association should be persisted
for durable links. It would also make sense to apply the same logic for
mechanisms for durable subscriptions in earlier protocols
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
