It's always been my understanding that the use of CBS was optional.
Certainly, none of the Microsoft documentation I've seen around using
the JMS client (with Service Bus) refers to it that I can recall.

In looking at the original code from the first mail again, I see its
included 'Azure connection string'
("HostName=xxxx.azure-devices.net;DeviceId=device001;SharedAccessKey=XXXX")
only contains a SharedAccessKey value. From some searching I expect
there also needs to be a SharedAccessKeyName value too. These are both
seemingly used and passed when creating the connection from the
factory, effectively passed as the user/pass values:
"Connection connection = cf.createConnection(csb.getSasKeyName(),
csb.getSasKey());"

So if the getSasKeyName() return value is null/empty, then the client
will likely only be able to use the ANONYMOUS SASL mech (unless doing
TLS client certificate auth), assuming it is actually offered by the
server, which in this case I expect it would be since ANONYMOUS is a
key route CBS is used via. So I expect the client was able to connect
as I said before, but only anonymously as that was offered and it had
insufficient details to do anything else, but was as a result then
unable to complete things such as creating the MessageProducer since
it was only 'anonymously authenticated' and so was denied
authorization having not done anything else like CBS usage.

Various links:
https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-java-how-to-use-jms-api-amqp
https://docs.microsoft.com/en-us/azure/service-bus-messaging/how-to-use-java-message-service-20
https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-create-namespace-portal#get-the-connection-string
https://github.com/Azure/azure-service-bus-java/blob/2.0.0/azure-servicebus/src/main/java/com/microsoft/azure/servicebus/primitives/ConnectionStringBuilder.java#L32-L33

On Mon, 11 Jan 2021 at 20:14, reifujin <conn...@microsoft.com.invalid> wrote:
>
> What Robbie says is correct, Azure uses claims-based authorization. Part of
> the magic that the IoT SDK does is create a session to the $cbs node with
> the correct payload. The information is here:
> https://docs.microsoft.com/azure/service-bus-messaging/service-bus-amqp-protocol-guide#claims-based-authorization
>
> A pointer to where the IoT client library does this magic is here:
> https://github.com/Azure/azure-iot-sdk-java/blob/master/device/iot-device-client/src/main/java/com/microsoft/azure/sdk/iot/device/transport/amqps/AmqpsIotHubConnection.java#L247
>
> Cheers,
> Connie
>
>
>
> --
> Sent from: http://qpid.2158936.n2.nabble.com/Apache-Qpid-users-f2158936.html
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org
> For additional commands, e-mail: users-h...@qpid.apache.org
>
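
A pre-flight check for the situation discussed in this thread, as an added example that is not part of the original messages, of Qpid JMS, or of the Azure SDKs: it parses the connection string, rejects it when the key name or key is missing, and builds a connection URI that restricts the client to PLAIN so an incomplete credential fails at connect time instead of falling back to ANONYMOUS. The class and method names are hypothetical and the sample values are constructed; `amqp.saslMechanisms` is the Qpid JMS URI option for restricting mechanisms, and using PLAIN with the key name and key is an assumption based on the user/pass usage quoted above.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical helper, not part of Qpid JMS or any Azure SDK.
public class SasConnectionPreflight {

    // Split "Key=Value;Key=Value" on the first '=' only, since base64 keys can end in '='.
    static Map<String, String> parse(String connectionString) {
        Map<String, String> fields = new LinkedHashMap<>();
        for (String part : connectionString.split(";")) {
            int eq = part.indexOf('=');
            if (eq > 0) {
                fields.put(part.substring(0, eq).trim(), part.substring(eq + 1).trim());
            }
        }
        return fields;
    }

    // Build a URI that only permits PLAIN, or throw if user/pass would be incomplete.
    static String buildUri(Map<String, String> f) {
        String host = f.get("HostName");
        String keyName = f.get("SharedAccessKeyName");
        String key = f.get("SharedAccessKey");
        if (host == null || host.isEmpty()) {
            throw new IllegalArgumentException("HostName missing");
        }
        if (keyName == null || keyName.isEmpty() || key == null || key.isEmpty()) {
            throw new IllegalArgumentException(
                "SharedAccessKeyName/SharedAccessKey incomplete: without both, "
                + "the client could only authenticate with ANONYMOUS (if offered)");
        }
        // amqp.saslMechanisms restricts which mechanisms the client may select.
        return "amqps://" + host + ":5671?amqp.saslMechanisms=PLAIN";
    }

    public static void main(String[] args) {
        // Constructed sample values; the first mirrors the shape quoted in the thread.
        String[] samples = {
            "HostName=example.azure-devices.net;DeviceId=device001;SharedAccessKey=Zm9v",
            "HostName=example.servicebus.windows.net;SharedAccessKeyName=policy1;SharedAccessKey=Zm9vYg=="
        };
        for (String s : samples) {
            try {
                System.out.println("OK   " + buildUri(parse(s)));
            } catch (IllegalArgumentException e) {
                System.out.println("FAIL " + e.getMessage());
            }
        }
    }
}
```

The returned URI is what would be given to the JMS connection factory, with the key name and key passed to `createConnection` as in the line quoted in the message.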
