rh-messaging · treblereel · Jan 6, 2017
diff --git a/.../main/java/org/apache/activemq/artemis/core/protocol/core/impl/ActiveMQPacketHandler.java b/.../main/java/org/apache/activemq/artemis/core/protocol/core/impl/ActiveMQPacketHandler.java
@@ -19,6 +19,7 @@
 import org.apache.activemq.artemis.api.core.ActiveMQException;
 import org.apache.activemq.artemis.api.core.ActiveMQExceptionType;
 import org.apache.activemq.artemis.api.core.ActiveMQInternalErrorException;
+import org.apache.activemq.artemis.api.core.ActiveMQSecurityException;
 import org.apache.activemq.artemis.api.core.SimpleString;
 import org.apache.activemq.artemis.core.persistence.OperationContext;
 import org.apache.activemq.artemis.core.protocol.core.Channel;
@@ -162,6 +163,9 @@ private void handleCreateSession(final CreateSessionMessage request) {
          protocolManager.addSessionHandler(request.getName(), handler);
 
          response = new CreateSessionResponseMessage(server.getVersion().getIncrementingVersion());
+      } catch (ActiveMQSecurityException e) {
+         ActiveMQServerLogger.LOGGER.securityProblemWhileCreatingSession(e.getMessage());
+         response = new ActiveMQExceptionMessage(e);
       } catch (ActiveMQException e) {
          if (e.getType() == ActiveMQExceptionType.INCOMPATIBLE_CLIENT_SERVER_VERSIONS) {
             incompatibleVersion = true;

diff --git a/...is-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java b/...is-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java
@@ -1283,6 +1283,10 @@ void slowConsumerDetected(String sessionID,
       format = Message.Format.MESSAGE_FORMAT)
    void negativeGlobalAddressSize(long size);
 
+   @LogMessage(level = Logger.Level.WARN)
+   @Message(id = 222216, value = "Security problem while creating session: {0}", format = Message.Format.MESSAGE_FORMAT)
+   void securityProblemWhileCreatingSession(String message);
+
 
    @LogMessage(level = Logger.Level.ERROR)
    @Message(id = 224000, value = "Failure in initialisation", format = Message.Format.MESSAGE_FORMAT)

diff --git a/.../main/java/org/apache/activemq/artemis/spi/core/security/jaas/CertificateLoginModule.java b/.../main/java/org/apache/activemq/artemis/spi/core/security/jaas/CertificateLoginModule.java
@@ -75,7 +75,7 @@ public boolean login() throws LoginException {
       } catch (IOException ioe) {
          throw new LoginException(ioe.getMessage());
       } catch (UnsupportedCallbackException uce) {
-         throw new LoginException(uce.getMessage() + " Unable to obtain client certificates.");
+         throw new LoginException("Unable to obtain client certificates: " + uce.getMessage());
       }
       certificates = ((CertificateCallback) callbacks[0]).getCertificates();
 

diff --git a/...ver/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java b/...ver/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java
@@ -209,7 +209,6 @@ protected boolean authenticate(String username, String password) throws LoginExc
          NamingEnumeration<SearchResult> results = context.search(getLDAPPropertyValue(USER_BASE), filter, constraints);
 
          if (results == null || !results.hasMore()) {
-            ActiveMQServerLogger.LOGGER.warn("User " + username + " not found in LDAP.");
             throw new FailedLoginException("User " + username + " not found in LDAP.");
          }
 

diff --git a/...c/main/java/org/apache/activemq/artemis/spi/core/security/jaas/PropertiesLoginModule.java b/...c/main/java/org/apache/activemq/artemis/spi/core/security/jaas/PropertiesLoginModule.java
@@ -86,29 +86,25 @@ public boolean login() throws LoginException {
          tmpPassword = new char[0];
       }
       if (user == null) {
-         throw new FailedLoginException("user name is null");
+         throw new FailedLoginException("User is null");
       }
       String password = users.getProperty(user);
 
       if (password == null) {
-         throw new FailedLoginException("User does exist");
+         throw new FailedLoginException("User does not exist: " + user);
       }
 
-      //password is hashed
       try {
          hashProcessor = PasswordMaskingUtil.getHashProcessor(password);
-
-         if (!hashProcessor.compare(tmpPassword, password)) {
-            throw new FailedLoginException("Password does not match");
-         }
-         loginSucceeded = true;
       } catch (Exception e) {
-         if (debug) {
-            logger.debug("Exception getting a hash processor", e);
-         }
          throw new FailedLoginException("Failed to get hash processor");
       }
 
+      if (!hashProcessor.compare(tmpPassword, password)) {
+         throw new FailedLoginException("Password does not match for user: " + user);
+      }
+      loginSucceeded = true;
+
       if (debug) {
          logger.debug("login " + user);
       }