[ https://issues.apache.org/jira/browse/QPID-8208?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alex Rudyy updated QPID-8208: ----------------------------- Description: There is a weakness in Qpid exception handling when communication with external services like LDAP. The Broker should take a more defensive approach and handle unexpected exceptions thrown by underlying third-party API in addition to exceptions declared in API interfaces. The unexpected exceptions thrown by underlying API should not affect the stability of the Broker. It was reported that on establishment of connection with LDAP using default context factory {{com.sun.jndi.ldap.LdapCtxFactory}} the creation of can end-up in unexpected exception thrown from {{com.sun.jndi.ldap.LdapClient}}. Thought, it looks like a defect in {{LdapClient}}, the unexpected exceptions should be handled appropriately. The exception should be logged and the authentication failure error should be returned back to the client. was:The establishment of connection with LDAP using default {{com.sun.jndi.ldap.LdapCtxFactory}} can end-up in unexpected exception thrown from {{com.sun.jndi.ldap.LdapClient}}. Thought, it looks like a defect in {{LdapClient}}, the unexpected exceptions should be handled appropriately. The exception should be logged and the authentication failure error should be returned back to the client. > [Broker-J] Improve handling of unexpected exceptions on establishing LDAP > connections in SimpleLDAPAuthenticationProvider > -------------------------------------------------------------------------------------------------------------------------- > > Key: QPID-8208 > URL: https://issues.apache.org/jira/browse/QPID-8208 > Project: Qpid > Issue Type: Improvement > Components: Broker-J > Affects Versions: qpid-java-6.1.6, qpid-java-broker-7.0.3, > qpid-java-broker-7.0.2, 0.32, qpid-java-6.0, qpid-java-6.0.1, > qpid-java-6.0.2, qpid-java-6.0.3, qpid-java-6.0.4, qpid-java-6.0.5, > qpid-java-6.1, qpid-java-6.0.6, qpid-java-6.1.1, qpid-java-6.1.2, > qpid-java-6.0.7, qpid-java-6.1.3, qpid-java-6.0.8, qpid-java-6.1.4, > qpid-java-broker-7.0.0, qpid-java-6.1.5, qpid-java-broker-7.0.1, > qpid-java-broker-7.0.4 > Reporter: Alex Rudyy > Priority: Critical > Fix For: qpid-java-broker-7.0.6 > > Attachments: 0001-QPID-8208-Broker-J-Improve-exception-handling.patch > > > There is a weakness in Qpid exception handling when communication with > external services like LDAP. The Broker should take a more defensive approach > and handle unexpected exceptions thrown by underlying third-party API in > addition to exceptions declared in API interfaces. The unexpected exceptions > thrown by underlying API should not affect the stability of the Broker. > It was reported that on establishment of connection with LDAP using default > context factory {{com.sun.jndi.ldap.LdapCtxFactory}} the creation of can > end-up in unexpected exception thrown from {{com.sun.jndi.ldap.LdapClient}}. > Thought, it looks like a defect in {{LdapClient}}, the unexpected exceptions > should be handled appropriately. The exception should be logged and the > authentication failure error should be returned back to the client. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org