Re: [PR] ARTEMIS-5316 XOAUTH2 SASL mechanism for broker connection [activemq-artemis]

Tue, 08 Jul 2025 03:18:11 -0700 


bstlukasiewicz commented on code in PR #5822:
URL: https://github.com/apache/activemq-artemis/pull/5822#discussion_r2192080601


##########
artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/connect/AMQPBrokerConnection.java:
##########
@@ -1218,28 +1251,48 @@ private static final class SaslFactory implements 
ClientSASLFactory {
       public ClientSASL chooseMechanism(String[] offeredMechanims) {
          List<String> availableMechanisms = offeredMechanims == null ? 
Collections.emptyList() : Arrays.asList(offeredMechanims);
 
-         if (availableMechanisms.contains(EXTERNAL) && 
ExternalSASLMechanism.isApplicable(connection)) {
+         List<String> acceptedMechanisms = 
getAcceptedMechanisms(availableMechanisms);
+
+         if (acceptedMechanisms.contains(EXTERNAL) && 
ExternalSASLMechanism.isApplicable(connection)) {
             return new ExternalSASLMechanism();
          }
          if (SCRAMClientSASL.isApplicable(brokerConnectConfiguration.getUser(),
                                           
brokerConnectConfiguration.getPassword())) {
             for (SCRAM scram : SCRAM.values()) {
-               if (availableMechanisms.contains(scram.getName())) {
+               if (acceptedMechanisms.contains(scram.getName())) {
                   return new SCRAMClientSASL(scram, 
brokerConnectConfiguration.getUser(),
                                              
brokerConnectConfiguration.getPassword());
                }
             }
          }
-         if (availableMechanisms.contains(PLAIN) && 
PlainSASLMechanism.isApplicable(brokerConnectConfiguration.getUser(), 
brokerConnectConfiguration.getPassword())) {
+
+         if (acceptedMechanisms.contains(PLAIN) && 
PlainSASLMechanism.isApplicable(brokerConnectConfiguration.getUser(), 
brokerConnectConfiguration.getPassword())) {
             return new 
PlainSASLMechanism(brokerConnectConfiguration.getUser(), 
brokerConnectConfiguration.getPassword());
          }
 
-         if (availableMechanisms.contains(ANONYMOUS)) {
+         if (acceptedMechanisms.contains(XOAUTH2) && 
XOAuth2SASLMechanism.isApplicable(brokerConnectConfiguration.getUser(), 
brokerConnectConfiguration.getPassword())) {
+            return new 
XOAuth2SASLMechanism(brokerConnectConfiguration.getUser(), 
brokerConnectConfiguration.getPassword());
+         }
+
+         if (acceptedMechanisms.contains(ANONYMOUS)) {
             return new AnonymousSASLMechanism();
          }
 
          return null;
       }
+
+      private List<String> getAcceptedMechanisms(List<String> 
availableMechanisms) {
+         List<String> configuredSaslMechanisms = 
brokerConnectConfiguration.getSaslMechanisms();

Review Comment:
   Thank you, that was very helpful. I have made the changes.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact

Reply via email to