[#BLZ-176] Not getting an authentication error when Producer tries to send a message over streaming channel with insufficient credentials.

BlazeDS

Not getting an authentication error when Producer tries to send a message over streaming channel with insufficient credentials.

Created: 05/15/08 05:18 PM Updated: 05/17/08 08:55 AM

Component/s:

General - Server

Security Level:

Public (All JIRA Users )

Severity:	Incorrectly Functioning
Reproducibility:	Every Time
Discoverability:	Medium
Found in Version:	BlazeDS 3.0.1
Milestone:	BlazeDS 3.0.1
Affected OS(s):	All OS Platforms - All
Steps to Reproduce:	« Hide Steps to reproduce: 1. Run the following test from the qa-regress webapp: http://localhost:8400/qa-regress/testsuites/mxunit/tests/messagingService/security/streaming-amf/JMSAuthSendSubscribeConstraintTest.mxml 2. 3. Actual Results: A couple of the test methods fail. If you look at the testValidCredentials test method, you'll see that the failure message is "Credentials were valid, shouldn't have received fault: Client.Error.MessageSend". Expected Results: Should get an authentication error. If I change the test to check for the faultcode "Client.Error.MessageSend" in addition to the other authentication fault codes, the tests all pass. In the streaming case it seems like we aren't getting the authentication failure back to the user but are returning this message instead. I think developers who are looking for/expecting an authorization fault code will find this confusing. Workaround (if any): Show » Steps to reproduce: 1. Run the following test from the qa-regress webapp: http://localhost:8400/qa-regress/testsuites/mxunit/tests/messagingService/security/streaming-amf/JMSAuthSendSubscribeConstraintTest.mxml 2. 3. Actual Results: A couple of the test methods fail. If you look at the testValidCredentials test method, you'll see that the failure message is "Credentials were valid, shouldn't have received fault: Client.Error.MessageSend". Expected Results: Should get an authentication error. If I change the test to check for the faultcode "Client.Error.MessageSend" in addition to the other authentication fault codes, the tests all pass. In the streaming case it seems like we aren't getting the authentication failure back to the user but are returning this message instead. I think developers who are looking for/expecting an authorization fault code will find this confusing. Workaround (if any):
Language Found:	English
Bugbase Id:	none
Triaged:	Yes
Regression:	No
QA Owner:	hsee
Resolved by:	Mete Atamel
Participants:	aglosban, Mete Atamel and Trevor Baker
JDK:	Sun JDK 5
Application Server:	Apache Tomcat 6.x

All

Comments

Sort Order:

[ Permlink | « Hide ]

aglosban - [05/15/08 05:22 PM ]

In the authentication tests we are currently checking for either the Client.Authentication or Channel.Authentication.Error faultcode. It seems like the fact that we are getting Client.Error.MessageSend in the streaming case is definitely a bug but I think we should also maybe come up with a single faultcode to indicate an authentication failure. I'm not sure what the benefit of having both Client.Authentication and Channel.Authentication.Error is. We've written our tests to expect both as it seems depending on the code path either one of these could be returned for a given situation.

[ Permlink | « Hide ]

aglosban - [05/16/08 09:13 AM ]

This is a relatively minor problem and should not be considered a stop ship issue.

[ Permlink | « Hide ]

Mete Atamel - [05/16/08 03:29 PM ]

Fixed with change 1774 on 3.0.1.x branch. Assuming that merge to 3.0.x and trunk will be handled by someone else.

[ Permlink | « Hide ]

aglosban - [05/17/08 08:55 AM ]

Merged the sdk to BlazeDS 3.0.x and trunk. Verified on BlazeDS 3.0.x.