Tom Samplonius-2 wrote:
> 
>   Actually, it appears that the username and password are ignored.  I
> fought with JAAS for about four hours before deciding to try to read the
> code, and the comments say that the password is ignored.  There appears to
> be no way to get a config that doesn't
> check the password.  From ProtocolConverter.java:
> 
>         // allow anyone to login for now
>         String login = (String)headers.get(Stomp.Headers.Connect.LOGIN);
>         String passcode = (String)headers.get(Stomp.Headers.Connect.PASSCODE);
>         String clientId = (String)headers.get(Stomp.Headers.Connect.CLIENT_ID);
> 
> There is no indication there is any attempt to validate the username and
> password via any sort of auth plugin.  I assume based on the "for now"
> comment, that someone is working on this.
> 
The authentication is done elsewhere, not in the Stomp protocol code. A
security exception is cast when this fails (this is shown in the log if
debugging is enabled). However, this exception isn't dealt with properly:
the stomp code just continues and the connection stays open. A quick and
dirty patch is below. A better way to handle this is to send a Stomp ERROR frame,
and then disconnect. Unfortunately I don't have any time to fix a proper
patch.

Regards,

Pieter

Patch:
---
../../../activemq-snapshot/src/activemq-core/src/main/java/org/apache/activemq/transport/stomp/ProtocolConverter.java
      
2007-05-11 02:02:04.000000000 +0200
+++
activemq-core/src/main/java/org/apache/activemq/transport/stomp/ProtocolConverter.java
     
2007-05-22 12:41:32.000000000 +0200
@@ -36,6 +36,7 @@
 import org.apache.activemq.command.ConnectionInfo;
 import org.apache.activemq.command.ConsumerId;
 import org.apache.activemq.command.ConsumerInfo;
+import org.apache.activemq.command.ExceptionResponse;
 import org.apache.activemq.command.LocalTransactionId;
 import org.apache.activemq.command.MessageAck;
 import org.apache.activemq.command.MessageDispatch;
@@ -413,7 +414,18 @@
         connectionInfo.setPassword(passcode);

                sendToActiveMQ(connectionInfo, new ResponseHandler(){
-                       public void onResponse(ProtocolConverter converter,
Response response) throws IOException {
+                       public void onResponse(ProtocolConverter converter,
Response response) throws IOException, ProtocolException {
+
+                               /* PN: if the response is an exception,
propagate the exception to send an ERROR frame */
+                               if (response.isException()) {
+                                       ExceptionResponse exception =
(ExceptionResponse) response;
+                                       // apparently, other (non-fatal)
exceptions are generated as well (see debug log)
+                                       if (exception.getException()
instanceof SecurityException) {
+                                               // FIXME: should set up
connection, send an ERROR frame, and disconnect
+                                               // this disconnects
immediately
+                                               throw new
ProtocolException(exception.getException().getMessage());
+                                       }
+                               }

                    final SessionInfo sessionInfo = new
SessionInfo(sessionId);
                    sendToActiveMQ(sessionInfo,null);
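
Review bot: The "instanceof SecurityException" test inside "if (response.isException())" makes the connect handler fail open for every other exception type: the handler falls through to "new SessionInfo(sessionId)" and "sendToActiveMQ(sessionInfo,null)" as if the ConnectionInfo had been accepted. The comment says other exceptions seen in the debug log are non-fatal but does not name them; I would invert the check so that any exception response to the ConnectionInfo aborts the connect, with an explicit list of the exception types known to be harmless. Also, exception.getException().getMessage() is passed to the ProtocolException unchanged, so confirm that text is suitable to show to an unauthenticated client, and reconcile the first comment ("propagate the exception to send an ERROR frame") with the FIXME, which says this path disconnects immediately.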


-- 
View this message in context: 
http://www.nabble.com/Getting-Stomp-support-to-a-usable-state...-tf3858629s2354.html#a11060452
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
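
A regression check for the behaviour discussed in this message, as an added example that is not part of the original post or of ActiveMQ: after a CONNECT with a bad login, a broker you operate should answer with an ERROR frame or close the socket, never with CONNECTED. The function names and the result labels are assumptions made for this sketch; the frame layout follows the STOMP 1.0 text format.

```python
import socket

NUL = b"\x00"  # STOMP frames end with a NUL byte

def build_connect(login, passcode):
    """Serialize a CONNECT frame: command, headers, blank line, NUL."""
    return f"CONNECT\nlogin:{login}\npasscode:{passcode}\n\n".encode() + NUL

def parse_frame(raw):
    """Parse one NUL-terminated frame into (command, headers, body)."""
    frame, sep, _ = raw.partition(NUL)
    if not sep:
        raise ValueError("incomplete frame: no NUL terminator")
    head, _, body = frame.lstrip(b"\r\n").partition(b"\n\n")
    lines = head.decode("utf-8", "replace").split("\n")
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(":")
        headers.setdefault(key, value)
    return lines[0].strip(), headers, body.decode("utf-8", "replace")

def classify_reply(raw):
    """Classify the broker's first bytes after a CONNECT with bad credentials."""
    if NUL not in raw:
        return "rejected"  # socket closed before a complete frame arrived
    command = parse_frame(raw)[0]
    if command == "ERROR":
        return "rejected"
    if command == "CONNECTED":
        return "accepted"  # fail-open: the login was not enforced
    return "unexpected:" + command

def probe(host, port, login, passcode, timeout=5.0):
    """Send CONNECT to a broker you operate and classify its reply."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_connect(login, passcode))
        try:
            while NUL not in data:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
        except socket.timeout:
            return "no-reply"  # connection left open and silent
    return classify_reply(data)
```

Run probe() with a deliberately wrong passcode against a test broker and fail the build on any result other than "rejected".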
