Details
-
Improvement
-
Status: Resolved
-
Critical
-
Resolution: Invalid
-
qpid-java-6.1.6, qpid-java-broker-7.0.3, qpid-java-broker-7.0.2, 0.32, qpid-java-6.0, qpid-java-6.0.1, qpid-java-6.0.2, qpid-java-6.0.3, qpid-java-6.0.4, qpid-java-6.0.5, qpid-java-6.1, qpid-java-6.0.6, qpid-java-6.1.1, qpid-java-6.1.2, qpid-java-6.0.7, qpid-java-6.1.3, qpid-java-6.0.8, qpid-java-6.1.4, qpid-java-broker-7.0.0, qpid-java-6.1.5, qpid-java-broker-7.0.1, qpid-java-broker-7.0.4
-
None
-
None
Description
There is a weakness in Qpid exception handling when communication with external services like LDAP. The Broker should take a more defensive approach and handle unexpected exceptions thrown by underlying third-party API in addition to exceptions declared in API interfaces. The unexpected exceptions thrown by underlying API should not affect the stability of the Broker.
It was reported that on establishment of connection with LDAP using default context factory com.sun.jndi.ldap.LdapCtxFactory the creation of InitialDirContext can end-up in unexpected exception thrown from com.sun.jndi.ldap.LdapClient. It looks like a defect in com.sun.jndi.ldap.LdapClient, but I could not find any existing open bug report raised against JVM with similar behaviour. I think that Broker should catch unexpected exception, log it and report authentication failure back to the client.
Attachments
Issue Links
- links to