[
https://issues.apache.org/jira/browse/PROTON-1589?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16405940#comment-16405940
]
Andrew Stitcher commented on PROTON-1589:
-----------------------------------------
The behaviour has now been changed so that the transport will "error" on the
first authorization failure it receives and not retry any further urls even
though they might not have the same authentication problem.
> [cpp] How can I handle invalid SASL PLAIN credentials error when reconnect is
> on?
> ---------------------------------------------------------------------------------
>
> Key: PROTON-1589
> URL: https://issues.apache.org/jira/browse/PROTON-1589
> Project: Qpid Proton
> Issue Type: Bug
> Components: cpp-binding
> Affects Versions: proton-c-0.18.0
> Reporter: Jiri Daněk
> Assignee: Andrew Stitcher
> Priority: Major
> Labels: sasl
> Fix For: proton-c-0.22.0
>
>
> Apply the following patch to the simple_send.cpp example
> {code}
> diff --git a/examples/cpp/simple_send.cpp b/examples/cpp/simple_send.cpp
> index a4c2272d..053da34f 100644
> --- a/examples/cpp/simple_send.cpp
> +++ b/examples/cpp/simple_send.cpp
> @@ -27,6 +27,7 @@
> #include <proton/message.hpp>
> #include <proton/message_id.hpp>
> #include <proton/messaging_handler.hpp>
> +#include <proton/reconnect_options.hpp>
> #include <proton/tracker.hpp>
> #include <proton/types.hpp>
>
> @@ -53,6 +54,12 @@ class simple_send : public proton::messaging_handler {
> proton::connection_options co;
> if (!user.empty()) co.user(user);
> if (!password.empty()) co.password(password);
> + co.sasl_enabled(true);
> + co.sasl_allow_insecure_mechs(true);
> + std::string sasl_mechanisms("PLAIN");
> + co.sasl_allowed_mechs(sasl_mechanisms);
> + proton::reconnect_options ro;
> + co.reconnect(ro);
> sender = c.open_sender(url, co);
> }
> {code}
> Now attempt to connect to AMQP broker, for example ActiveMQ Artemis instance,
> which was created with {{--require-login}}. The client gets stuck if you use
> invalid credentials.
> {noformat}
> PN_TRACE_FRM=1 examples/cpp/simple_send -a amqp://127.0.0.1:5672 -u nosuch -p
> user
> [0xed9980]: -> SASL
> [0xed9980]: <- SASL
> [0xed9980]:0 <- @sasl-mechanisms(64)
> [sasl-server-mechanisms=@PN_SYMBOL[:PLAIN, :ANONYMOUS]]
> [0xed9980]:0 -> @sasl-init(65) [mechanism=:PLAIN,
> initial-response=b"\x00nosuch\x00user"]
> [0xed9980]:0 <- @sasl-outcome(68) [code=1]
> [0xed9980]: -> EOS
> [0xee7290]: -> SASL
> [0xee7290]: <- SASL
> [0xee7290]:0 <- @sasl-mechanisms(64)
> [sasl-server-mechanisms=@PN_SYMBOL[:PLAIN, :ANONYMOUS]]
> [0xee7290]:0 -> @sasl-init(65) [mechanism=:PLAIN,
> initial-response=b"\x00nosuch\x00user"]
> [0xee7290]:0 <- @sasl-outcome(68) [code=1]
> [0xee7290]: -> EOS
> [0xeee6b0]: -> SASL
> [0xeee6b0]: <- SASL
> [0xeee6b0]:0 <- @sasl-mechanisms(64)
> [sasl-server-mechanisms=@PN_SYMBOL[:PLAIN, :ANONYMOUS]]
> [0xeee6b0]:0 -> @sasl-init(65) [mechanism=:PLAIN,
> initial-response=b"\x00nosuch\x00user"]
> [0xeee6b0]:0 <- @sasl-outcome(68) [code=1]
> [0xeee6b0]: -> EOS
> {noformat}
> As you can see, the client keeps reconnecting. The previous behavior, if I
> recall correctly, was to execute error handler in this case. To be exact, it
> would run {{on_transport_error}} handler.
> I think that it is reasonable for the client to stop reconnecting and run
> this handler if the reason for failed connection are wrong credentials. This
> condition is unlikely to resolve itself on multiple retries.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
