4

I am testing using the Java QPID broker. I was able to send and receive messages using the proton client but with anonymous authentication. I am interested in testing with authentication turned on and understand the proton client does not support (yet). I therefore downloaded the rabbitMQ client jars. I am using password file authentication (that came with QPID).

I set my RabbitMQ client connection factory like this:

    connectionFactory = new ConnectionFactory();
    connectionFactory.setHost("localhost");
    connectionFactory.setUsername("guest");
    connectionFactory.setPassword("guest");

The code fails on this line (specifically on getConnection).

    connection = RabbitMQConnectionFactory.getInstance().getConnection();

This is the exception:

java.io.IOException: No compatible authentication mechanism found - server offered [CRAM-MD5] at com.rabbitmq.client.impl.AMQConnection.start(AMQConnection.java:309) at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:590) at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:612) at com.vue.rabbit.core.RabbitMQConnectionFactory.getConnection(RabbitMQConnectionFactory.java:37) at com.vue.rabbit.producer.SimpleProducer.main(SimpleProducer.java:25)

If I change QPID broker to use anonymous authentication and also change client not to set user/password, I get a similar exception of "server offered [ANONYMOUS]"

Am I doing something wrong? These should be compatible? Somewhat separate question is why is there a Java and C++ QPID broker if they both support the same on-wire AMQP protocol? Thanks in advance for any help!

Bosko Mijin
  • 3,287
  • 3
  • 32
  • 45
Scott
  • 485
  • 8
  • 21

3 Answers3

5

Actually, plain SASL is supported in the latest QPID, but it is not recommended. See the documentation. In your config.json include something like: "secureOnlyMechanisms": [] as in:

 "authenticationproviders" : [ {
    "id" : "798fc4a5-8edb-4b42-b1b2-8f7e9be8cccb",
    "name" : "passwordFile",
    "type" : "PlainPasswordFile",
    "path" : "${qpid.home_dir}${file.separator}etc${file.separator}passwd",
    "secureOnlyMechanisms": [],
    "preferencesproviders" : [ {
      "id" : "1dcee789-be1b-49cc-9032-3bc4b974d1d6",
      "name" : "fileSystemPreferences",
      "type" : "FileSystemPreferences",
      "path" : "${qpid.work_dir}${file.separator}user.preferences.json"
    } ]
Oscar Montoya
  • 177
  • 1
  • 8
1

What version of the Java Broker are you using?

If the answer is 0.30, the PlainPasswordFile/Base64MD5PasswordFile authentication providers (the former being the default in the shipped configuration) offer the PLAIN SASL mechanisms to clients only if they are using an AMQP port configured with SSL. This is done in order to prevent the password travelling in clear text over an unprotected port.

k-wall
  • 409
  • 3
  • 9
  • k-wall - yes I am using 0.30. Thanks for this answer – Scott Oct 17 '14 at 13:13
  • 1
    Hi k-wall! Is there any way to disable this behavior? I use qpid-broker for testing AMQP-dependent modules in an isolated environment and therefore, I'd like to use password authentication in a local, "anonymous" qpid broker. – Rui Gonçalves Feb 12 '15 at 11:32
  • 1
    Qpid 0.28 works with Spring AMQP, if a version downgrade on the broker ok for you... – Gyorgy Szekely Sep 16 '15 at 11:00
0

You can resolve this by putting this setting :

"secureOnlyMechanisms" : []

under "authenticationproviders" in the config.json. This fix works on older versions like 6.0.2.

So your config can contain something like:

"authenticationproviders": [
    {
      "name": "plain",
      "type": "Plain",
      "users": [
        {
          "name": "guest",
          "type": "managed",
          "password": "guest"
        }
      ],
      "secureOnlyMechanisms" : []
    }
],

This is described here : https://qpid.apache.org/releases/qpid-java-trunk/java-broker/book/Java-Broker-Security.html

Suraj Rao
  • 29,388
  • 11
  • 94
  • 103
Borislav Markov
  • 1,495
  • 11
  • 12