Tom Samplonius-2 wrote:
>
> Actually, it appears that the username and password are ignored. I
> fought with JAAS for about four hours before deciding to try to read the
> code, and the comments say that the password is ignored. There appears to
> be no way to get a config that doesn't check the password. From
> ProtocolConvertor.java:
>
>     // allow anyone to login for now
>     String login = (String)headers.get(Stomp.Headers.Connect.LOGIN);
>     String passcode = (String)headers.get(Stomp.Headers.Connect.PASSCODE);
>     String clientId = (String)headers.get(Stomp.Headers.Connect.CLIENT_ID);
>
> There is no indication there is any attempt to validate the username and
> password via any sort of auth plugin. I assume based on the "for now"
> comment, that someone is working on this.
>

The authentication is done elsewhere, not in the Stomp protocol code. A security exception is cast when this fails (this is shown in the log if debugging is enabled). However, this exception isn't dealt with properly: the stomp code just continues and the connection stays open.

A quick and dirty patch is below. A better way to handle it is to send a Stomp ERROR frame, and then disconnect. Unfortunately I don't have any time to fix a proper patch.

Regards, Pieter Patch: --- ../../../activemq-snapshot/src/activemq-core/src/main/java/org/apache/activemq/transport/stomp/ProtocolConverter.java 2007-05-11 02:02:04.000000000 +0200 +++ activemq-core/src/main/java/org/apache/activemq/transport/stomp/ProtocolConverter.java 2007-05-22 12:41:32.000000000 +0200 @@ -36,6 +36,7 @@ import org.apache.activemq.command.ConnectionInfo; import org.apache.activemq.command.ConsumerId; import org.apache.activemq.command.ConsumerInfo; +import org.apache.activemq.command.ExceptionResponse; import org.apache.activemq.command.LocalTransactionId; import org.apache.activemq.command.MessageAck; import org.apache.activemq.command.MessageDispatch; @@ -413,7 +414,18 @@ connectionInfo.setPassword(passcode); sendToActiveMQ(connectionInfo, new ResponseHandler(){ - public void onResponse(ProtocolConverter converter, Response response) throws IOException { + public void onResponse(ProtocolConverter converter, Response response) throws IOException, ProtocolException { + + /* PN: if the response is an exception, propagate the exception to send an ERROR frame */ + if (response.isException()) { + ExceptionResponse exception = (ExceptionResponse) response; + // apparently, other (non-fatal) exceptions are generated as well (see debug log) + if (exception.getException() instanceof SecurityException) { + // FIXME: should set up connection, send an ERROR frame, and disconnect + // this disconnects immediately + throw new ProtocolException(exception.getException().getMessage()); + } + } final SessionInfo sessionInfo = new SessionInfo(sessionId); sendToActiveMQ(sessionInfo,null); -- View this message in context: http://www.nabble.com/Getting-Stomp-support-to-a-usable-state...-tf3858629s2354.html#a11060452 Sent from the ActiveMQ - User mailing list archive at Nabble.com.
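
Review bot: In the second hunk, the `instanceof SecurityException` test inside `onResponse` makes the CONNECT path fail open: an exception response of any other type falls through to `new SessionInfo(sessionId)` and session setup continues, so a login failure that surfaces under a different exception class would still leave the connection up. Consider rejecting every exception response to the `ConnectionInfo` and listing the known non-fatal ones explicitly, and return before `sendToActiveMQ(sessionInfo,null)` in either case. Two smaller points: `throws IOException, ProtocolException` on the anonymous handler only compiles if `ResponseHandler.onResponse` already allows it, which this patch does not show; and `new ProtocolException(exception.getException().getMessage())` drops the cause and stack trace, so log the original exception before throwing. The FIXME should be resolved before merge, since a client currently gets a dropped socket with no ERROR frame explaining why.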
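
An added example, not part of the original post or of ActiveMQ: a black-box check that sends a STOMP CONNECT with bad credentials and classifies the reply, so the three outcomes discussed in the message above (failure ignored, immediate disconnect, ERROR frame then disconnect) can be told apart. The credentials, the names `classify_rejection` and `run_against`, and the three in-process stand-in brokers are constructed for illustration; the stand-in for the unfixed broker is assumed to answer CONNECTED.

```python
import socket
import threading

BAD_CONNECT = b"CONNECT\nlogin:nobody\npasscode:wrong\n\n\x00"  # constructed credentials

def classify_rejection(sock, timeout=0.5):
    """Send a bad-credential CONNECT and report how the peer reacts."""
    sock.settimeout(timeout)
    sock.sendall(BAD_CONNECT)
    data, closed = b"", False
    try:
        while True:
            chunk = sock.recv(4096)
            if not chunk:              # peer closed the connection
                closed = True
                break
            data += chunk
    except socket.timeout:             # peer is still holding the socket open
        pass
    command = data.lstrip(b"\r\n").split(b"\n", 1)[0].strip().decode("ascii", "replace")
    if command == "CONNECTED":
        return "accepted"              # authentication was not enforced
    if command == "ERROR":
        return "error-then-close" if closed else "error-but-open"
    return "dropped" if closed else "left-open"

def run_against(fake_broker):
    """Run the check against an in-process stand-in over a socketpair (no network)."""
    client, server = socket.socketpair()
    worker = threading.Thread(target=fake_broker, args=(server,), daemon=True)
    worker.start()
    try:
        return classify_rejection(client)
    finally:
        client.close()
        worker.join(2)

def broker_ignores_failure(s):         # stand-in: failure ignored, session continues
    s.recv(4096)
    s.sendall(b"CONNECTED\nsession:constructed-id\n\n\x00")
    s.recv(1)                          # stays open until the client hangs up
    s.close()
def broker_quick_patch(s):             # stand-in: disconnect at once, no frame
    s.recv(4096)
    s.close()
def broker_error_frame(s):             # stand-in: ERROR frame, then disconnect
    s.recv(4096)
    s.sendall(b"ERROR\nmessage:authentication failed\n\n\x00")
    s.close()
```

To run the same check against a real broker, pass `classify_rejection` a connected TCP socket instead of using the stand-ins; any result other than `error-then-close` or `dropped` means the rejection is not being enforced on the wire.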