diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/protocol/core/impl/ActiveMQPacketHandler.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/protocol/core/impl/ActiveMQPacketHandler.java
index 31ab624296..d4a10c431f 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/protocol/core/impl/ActiveMQPacketHandler.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/protocol/core/impl/ActiveMQPacketHandler.java
@@ -22,6 +22,7 @@ import java.util.Map;
 import org.apache.activemq.artemis.api.core.ActiveMQException;
 import org.apache.activemq.artemis.api.core.ActiveMQExceptionType;
 import org.apache.activemq.artemis.api.core.ActiveMQInternalErrorException;
+import org.apache.activemq.artemis.api.core.ActiveMQSecurityException;
 import org.apache.activemq.artemis.api.core.SimpleString;
 import org.apache.activemq.artemis.core.persistence.OperationContext;
 import org.apache.activemq.artemis.core.protocol.core.Channel;
@@ -174,6 +175,9 @@ public class ActiveMQPacketHandler implements ChannelHandler {
 protocolManager.addSessionHandler(request.getName(), handler);
 response = new CreateSessionResponseMessage(server.getVersion().getIncrementingVersion());
+ } catch (ActiveMQSecurityException e) {
+ ActiveMQServerLogger.LOGGER.securityProblemWhileCreatingSession(e.getMessage());
+ response = new ActiveMQExceptionMessage(e);
 } catch (ActiveMQException e) {
 if (e.getType() == ActiveMQExceptionType.INCOMPATIBLE_CLIENT_SERVER_VERSIONS) {
 incompatibleVersion = true;
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java
index 564aabd83c..b52ed24c78 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java
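Review bot: In ActiveMQPacketHandler the new `catch (ActiveMQSecurityException e)` branch returns the same exception to the peer through `new ActiveMQExceptionMessage(e)` that it writes to the log, so any detail placed in the message is disclosed to a client that has not authenticated. The PropertiesLoginModule hunk of this commit now produces different texts for an unknown user and for a wrong password; if those texts are carried into the ActiveMQSecurityException (the conversion is not visible here), the response lets a caller tell valid user names from invalid ones. Keep the detail in the WARN record and answer with a fixed text, for example `response = new ActiveMQExceptionMessage(new ActiveMQSecurityException("Unable to validate user"));`. The enclosing method starts and ends outside the hunk.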
@@ -1283,6 +1283,10 @@ public interface ActiveMQServerLogger extends BasicLogger {
 format = Message.Format.MESSAGE_FORMAT)
 void negativeGlobalAddressSize(long size);
+ @LogMessage(level = Logger.Level.WARN)
+ @Message(id = 222216, value = "Security problem while creating session: {0}", format = Message.Format.MESSAGE_FORMAT)
+ void securityProblemWhileCreatingSession(String message);
+
 @LogMessage(level = Logger.Level.ERROR)
 @Message(id = 224000, value = "Failure in initialisation",
 format = Message.Format.MESSAGE_FORMAT)
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/CertificateLoginModule.java b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/CertificateLoginModule.java
index 9c100588a3..0625ba551b 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/CertificateLoginModule.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/CertificateLoginModule.java
@@ -75,7 +75,7 @@ public abstract class CertificateLoginModule extends PropertiesLoader implements
 } catch (IOException ioe) {
 throw new LoginException(ioe.getMessage());
 } catch (UnsupportedCallbackException uce) {
- throw new LoginException(uce.getMessage() + " Unable to obtain client certificates.");
+ throw new LoginException("Unable to obtain client certificates: " + uce.getMessage());
 }
 certificates = ((CertificateCallback) callbacks[0]).getCertificates();
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java
index 5c2343a3a2..48fc3b94aa 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java
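Review bot: Log message 222216 in ActiveMQServerLogger records only the exception text, so a run of failed session creations cannot be tied to a peer when the log is used for detection or incident review. Give the message a second parameter for the source, `@Message(id = 222216, value = "Security problem while creating session from {0}: {1}", format = Message.Format.MESSAGE_FORMAT)` with `void securityProblemWhileCreatingSession(String remoteAddress, String message);`, and pass the connection's remote address from the catch branch in ActiveMQPacketHandler. Whether the handler has the connection in scope at that point is not visible in this diff. The interface body continues outside the hunk.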
@@ -209,7 +209,6 @@ public class LDAPLoginModule implements LoginModule {
 NamingEnumeration results = context.search(getLDAPPropertyValue(USER_BASE), filter, constraints);
 if (results == null || !results.hasMore()) {
- ActiveMQServerLogger.LOGGER.warn("User " + username + " not found in LDAP.");
 throw new FailedLoginException("User " + username + " not found in LDAP.");
 }
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/PropertiesLoginModule.java b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/PropertiesLoginModule.java
index 957bb8ab47..cbe5e4f75d 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/PropertiesLoginModule.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/PropertiesLoginModule.java
@@ -86,29 +86,25 @@ public class PropertiesLoginModule extends PropertiesLoader implements LoginModu
 tmpPassword = new char[0];
 }
 if (user == null) {
- throw new FailedLoginException("user name is null");
+ throw new FailedLoginException("User is null");
 }
 String password = users.getProperty(user);
 if (password == null) {
- throw new FailedLoginException("User does exist");
+ throw new FailedLoginException("User does not exist: " + user);
 }
- //password is hashed
 try {
 hashProcessor = PasswordMaskingUtil.getHashProcessor(password);
-
- if (!hashProcessor.compare(tmpPassword, password)) {
- throw new FailedLoginException("Password does not match");
- }
- loginSucceeded = true;
 } catch (Exception e) {
- if (debug) {
- logger.debug("Exception getting a hash processor", e);
- }
 throw new FailedLoginException("Failed to get hash processor");
 }
+ if (!hashProcessor.compare(tmpPassword, password)) {
+ throw new FailedLoginException("Password does not match for user: " + user);
+ }
+ loginSucceeded = true;
+
 if (debug) {
 logger.debug("login " + user);
 }
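Review bot: In PropertiesLoginModule the client-supplied `user` is concatenated unescaped into the new messages `"User does not exist: " + user` and `"Password does not match for user: " + user`, so line breaks or control characters in a submitted name can forge or split records wherever that text is logged. The new WARN record in ActiveMQPacketHandler is presumably one such place, though the path from FailedLoginException to that logger is not visible here. Neutralise the name before embedding it, for example `String safeUser = user.replaceAll("\\p{Cntrl}", "?");`, and use `safeUser` in both messages. Separately, the `catch (Exception e)` around `getHashProcessor` no longer records `e` anywhere now that the debug call is removed, so a misconfigured hash codec leaves no trace; attach it with `initCause(e)` on the FailedLoginException before throwing. The enclosing login method starts and ends outside the hunk.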