Uploaded image for project: 'Qpid'
  1. Qpid
  2. QPID-8053

[Java Broker] Persistently associate (or otherwise authenticate) container ids with authenticated identity

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Broker-J
    • Labels:
      None

      Description

      In AMQP 1.0 durable links are identified by the combination of local and remote container (and direction). A connection identifying itself with a previously used container id can re-establish durable links, or steal non-durable links that were made on another connection.

      There is currently no mechanism associating the remote container-id with an identity meaning there is no validation that durable links are re-established (of existing links stolen) by the same actor who originally created them.

      While a connection has state associated with a container id, the broker should ensure that any other connection attempting to re-use the same container id is using the same identity. This means that the association should be persisted for durable links. It would also make sense to apply the same logic for mechanisms for durable subscriptions in earlier protocols

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              rgodfrey Rob Godfrey
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: