Uploaded image for project: 'ActiveMQ Classic'
  1. ActiveMQ Classic
  2. AMQ-2858

ConnectionInfo does not override toString to stop logging actual Password in case of Warning.

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • 5.3.0
    • 5.3.1
    • Broker
    • None

    • Linux

    • Regression

    Description

      In case of exception as shown below, the ConnectionInfo logged as warning which logs Password in plain Text. Should have encrypted or log as XXXX or YYYY ...

      If ConnectionInfo override the BaseCommand's toString(Map<String, Object>overrideFields) method and set Password as XXXXX... this would be better handled.

      WARN org.apache.activemq.broker.TransportConnection.Service [ActiveMQ Transport Stopper: /134.42.197.187:2512] - Failed to remove connection ConnectionInfo

      {commandId = 1, responseRequired = true, connectionId = 4a6df719-b8ed-4431-a97f-52b93078f021, clientId = 2061e6c0-f8e0-4882-860c-89c3fd7e36db, userName = YYYYX *password = X2342$*, brokerPath = null, brokerMasterConnector = false, manageable = false, clientMaster = true}

      java.lang.SecurityException: User is not authenticated.
      at org.apache.activemq.security.AuthorizationBroker.addDestination(AuthorizationBroker.java:52)
      at org.apache.activemq.broker.MutableBrokerFilter.addDestination(MutableBrokerFilter.java:149)
      at org.apache.activemq.broker.region.RegionBroker.send(RegionBroker.java:425)
      at org.apache.activemq.broker.TransactionBroker.send(TransactionBroker.java:224)
      at org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:439)
      at org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:369)
      at org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:364)
      at org.apache.activemq.advisory.AdvisoryBroker.removeConnection(AdvisoryBroker.java:223)
      at org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java:110)
      at org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java:110)
      at org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java:110)
      at org.apache.activemq.broker.MutableBrokerFilter.removeConnection(MutableBrokerFilter.java:117)
      at org.apache.activemq.broker.TransportConnection.processRemoveConnection(TransportConnection.java:709)
      at org.apache.activemq.broker.TransportConnection.doStop(TransportConnection.java:976)
      at org.apache.activemq.broker.jmx.ManagedTransportConnection.doStop(ManagedTransportConnection.java:71)
      at org.apache.activemq.broker.TransportConnection$3.run(TransportConnection.java:907)

      Attachments

        Activity

          People

            Unassigned Unassigned
            kamaldalal Kamal
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: