[JBoss JIRA] (WFLY-13880) resource adapter logs plaintext JMS password at Warning level on connection error
8:52 a.m.
[
https://issues.redhat.com/browse/WFLY-13880?page=com.atlassian.jira.plugi...
]
Brian Stansberry updated WFLY-13880:
------------------------------------
Fix Version/s: 21.0.0.Final
resource adapter logs plaintext JMS password at Warning level on
connection error
---------------------------------------------------------------------------------
Key: WFLY-13880
URL: https://issues.redhat.com/browse/WFLY-13880
Project: WildFly
Issue Type: Bug
Components: JMS
Affects Versions: 20.0.0.Final
Reporter: Jiri Danek
Assignee: Emmanuel Hugonnet
Priority: Minor
Labels: resource-adapter
Fix For: 21.0.0.Final
# start jms broker (AMQ 7 Broker, ActiveMQ Artemis based)
# start wildfly
# connect to the endpoint that causes JMS messages to be sent
# kill the broker
# observe following message in the log, containing {{user=example, pwd=example}}
{noformat}
14:24:51,513 WARN [org.jboss.resource.adapter.jms.JmsManagedConnection] (QpidJMS
Connection Executor: ID:a340d7e7-a228-4730-b8ab-3bc7a1f66b41:1) Handling jms exception
failure:
JmsManagedConnection{mcf=org.jboss.resource.adapter.jms.JmsManagedConnectionFactory@1f572370,
info=JmsConnectionRequestInfo{userName=example, password=example, clientID=null,
transacted=false, acknowledgeMode=1, type=3}, user=example, pwd=example, isSetUp=true,
isDestroyed=false, lock=org.jboss.resource.adapter.jms.ReentrantLock@317e1235[Unlocked],
con=org.jboss.resource.adapter.jms.JmsConnectionSession@4b199ffd, session=class
org.apache.qpid.jms.JmsSession@1532118793, xaSession=null, xaResource=null,
xaTransacted=false, context=org.apache.qpid.jms.JmsContext@3fb9fa6a, xaContext=null}:
org.apache.qpid.jms.exceptions.JmsConnectionFailedException: The JMS connection has
failed: Transport connection remotely closed.
at
deployment.resource-adapter.rar//org.apache.qpid.jms.provider.exceptions.ProviderFailedException.toJMSException(ProviderFailedException.java:35)
at
deployment.resource-adapter.rar//org.apache.qpid.jms.provider.exceptions.ProviderFailedException.toJMSException(ProviderFailedException.java:21)
at
deployment.resource-adapter.rar//org.apache.qpid.jms.exceptions.JmsExceptionSupport.create(JmsExceptionSupport.java:80)
at
deployment.resource-adapter.rar//org.apache.qpid.jms.exceptions.JmsExceptionSupport.create(JmsExceptionSupport.java:112)
at
deployment.resource-adapter.rar//org.apache.qpid.jms.JmsConnection.onAsyncException(JmsConnection.java:1546)
at
deployment.resource-adapter.rar//org.apache.qpid.jms.JmsConnection.onProviderException(JmsConnection.java:1530)
at
deployment.resource-adapter.rar//org.apache.qpid.jms.JmsConnection.onConnectionFailure(JmsConnection.java:1374)
at
deployment.resource-adapter.rar//org.apache.qpid.jms.provider.amqp.AmqpProvider.fireProviderException(AmqpProvider.java:1150)
at
deployment.resource-adapter.rar//org.apache.qpid.jms.provider.amqp.AmqpProvider.lambda$onTransportClosed$18(AmqpProvider.java:914)
at
deployment.resource-adapter.rar//io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:164)
at
deployment.resource-adapter.rar//io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:472)
at
deployment.resource-adapter.rar//io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:384)
at
deployment.resource-adapter.rar//io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
at
deployment.resource-adapter.rar//io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: org.apache.qpid.jms.provider.exceptions.ProviderFailedException: Transport
connection remotely closed.
... 7 more
{noformat}
I am not sure how important this is. In my experience, people dislike having their
passwords spilled out in plaintext. On the other hand, I'd expect that a report about
this will already exist somewhere, and I was unable to find it. So maybe it is not a
production isssue for anyone.
Originally reported at https://github.com/amqphub/amqp-10-resource-adapter/issues/13
The log message comes from
https://github.com/jms-ra/generic-jms-ra/blob/ece9e15843136023c26d3d0bd32...
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
1552
days inactive
1552
days old
0 comments
1 participants
participants (1)
-
Brian Stansberry (Jira)