Details
-
Bug
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
1.5.6
-
ActiveMQ Broker 5.6.0
Description
If the ActiveMQ broker has been secured to enforce login credentials, the NMS client will continually attempt to authenticate against it if it is using the failover protocol.
Steps to Reproduce:
----------------------
1. Configure the broker to require login credentials for connections.
2. Configure the NMS client to use failover mode.
3. Configure the NMS client with incorrect login credentials.
4. Attempt to connect the NMS client to the server.
Results:
----------------------
The client reattempts login continuously without backing off, and has a significant impact on the performance of the server.
Expected:
----------------------
The client should not enter failover, because it never successfully connected, and it would never expect to connect.
Notes:
----------------------
This was experienced using the OpenWire client, but a similar bug may exist in the STOMP client's failover code.
The broker may also want to protect itself against this, as this is an easy attack vector for a DDoS. Just a couple of clients attempting to login with invalid credentials can dramatically impact the server's performance, not just the broker.