Qpid
  1. Qpid
  2. QPID-3415

CRAM-MD5-HASHED not supported by 0-10 protocol (+ no suppport for custom SASL mechanisms).

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 0.10
    • Fix Version/s: 0.13
    • Component/s: Java Client
    • Labels:
      None

      Description

      If the Java broker is configured to use the Base64MD5Password password database the Java client is unable to connect even if they use the sasl_mechs broker option in the connection URL (sasl_mechs='CRAM-MD5-HASHED').

      Instead the user sees:

      org.apache.qpid.AMQException: Cannot connect to broker: Callback handler with support for AuthorizeCallback required
      

      The user can work around the problem by passing the -Dqpid.amqp.version system property to the client, and selecting a protocol < 0-10.

      The problem is happening because on the 0-10 code path on the client, the SASL CallbackHandler in use is hardcoded to UsernamePasswordCallbackhandler (ClientDelegate), rather than using the facilities of CallbackHandlerRegistry (as does the 0-8 and 0-9* code paths). CRAM-MD5-HASHED requires the use of a different Callbackhandler.

      This also inhibits the use of custom SASL methods by the client.

        Issue Links

          Activity

            People

            • Assignee:
              Keith Wall
              Reporter:
              Keith Wall
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development