- Changed Session.nextLogon() to validate DefaultApplVerID from Logon.

 - Added unit test.

Author: chrjohn

quickfixj-core/src/main/java/quickfix/Session.java

@@ -64,6 +64,7 @@
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
+import java.util.Optional;
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
@@ -2162,6 +2163,19 @@ private void nextLogon(Message logon) throws FieldNotFound, RejectLogon, Incorre
             throw new RejectLogon("Logon attempt not within session time");
         }
 
+        if (sessionID.isFIXT()) {
+            final DataDictionary dictionary = dataDictionaryProvider
+                    .getSessionDataDictionary(sessionID.getBeginString());
+            if (dictionary != null) {
+                Optional<String> defaultApplVerID = logon.getOptionalString(DefaultApplVerID.FIELD);
+                if (defaultApplVerID.isPresent()) {
+                    if (!dictionary.isFieldValue(ApplVerID.FIELD, defaultApplVerID.get())) {
+                        throw new RejectLogon("Invalid DefaultApplVerID=" + defaultApplVerID.get());
+                    }
+                }
+            }
+        }
+
         // QFJ-926 - reset session before accepting Logon
         resetIfSessionNotCurrent(sessionID, SystemTime.currentTimeMillis());
 

quickfixj-core/src/test/java/quickfix/mina/acceptor/AcceptorIoHandlerTest.java

@@ -23,6 +23,7 @@
 import org.junit.Test;
 import quickfix.FixVersions;
 import quickfix.Message;
+import quickfix.MessageUtils;
 import quickfix.Responder;
 import quickfix.Session;
 import quickfix.SessionFactoryTestSupport;
@@ -33,6 +34,7 @@
 import quickfix.field.ApplVerID;
 import quickfix.field.DefaultApplVerID;
 import quickfix.field.EncryptMethod;
+import quickfix.field.Headline;
 import quickfix.field.HeartBtInt;
 import quickfix.field.MsgSeqNum;
 import quickfix.field.MsgType;
@@ -42,6 +44,7 @@
 import quickfix.field.Text;
 import quickfix.fix44.Logout;
 import quickfix.fixt11.Logon;
+import quickfix.fix50.News;
 import quickfix.mina.EventHandlingStrategy;
 import quickfix.mina.NetworkingOptions;
 import quickfix.mina.SessionConnector;
@@ -56,6 +59,7 @@
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoMoreInteractions;
@@ -101,6 +105,42 @@ public void testFIXTLogonAndApplVerID() throws Exception {
         }
     }
 
+    @Test
+    public void testFIXTLogonAndUnknownApplVerID() throws Exception {
+        EventHandlingStrategy mockEventHandlingStrategy = mock(EventHandlingStrategy.class);
+        IoSession mockIoSession = mock(IoSession.class);
+        SessionSettings settings = mock(SessionSettings.class);
+
+        final SessionID sessionID = new SessionID(FixVersions.BEGINSTRING_FIXT11, "SENDER",
+                "TARGET");
+        final UnitTestApplication unitTestApplication = new UnitTestApplication();
+        try (Session session = SessionFactoryTestSupport.createSession(sessionID, unitTestApplication, false, false, true, true, new DefaultApplVerID(DefaultApplVerID.FIX50SP2))) {
+            when(mockIoSession.getAttribute("QF_SESSION")).thenReturn(null);    // to create a new Session
+
+            final HashMap<SessionID, Session> acceptorSessions = new HashMap<>();
+            acceptorSessions.put(sessionID, session);
+            final StaticAcceptorSessionProvider sessionProvider = createSessionProvider(acceptorSessions);
+
+            final AcceptorIoHandler handler = new AcceptorIoHandler(sessionProvider,
+                    settings, new NetworkingOptions(new Properties()), mockEventHandlingStrategy);
+
+            final DefaultApplVerID defaultApplVerID = new DefaultApplVerID("33");
+            final Logon message = new Logon(new EncryptMethod(EncryptMethod.NONE_OTHER),
+                    new HeartBtInt(30), defaultApplVerID);
+            message.getHeader().setString(TargetCompID.FIELD, sessionID.getSenderCompID());
+            message.getHeader().setString(SenderCompID.FIELD, sessionID.getTargetCompID());
+            message.getHeader().setField(new SendingTime(LocalDateTime.now()));
+            message.getHeader().setInt(MsgSeqNum.FIELD, 1);
+
+            handler.messageReceived(mockIoSession, message.toString());
+            session.next(message);
+
+            Message lastToAdminMessage = unitTestApplication.lastToAdminMessage();
+            assertEquals(MsgType.LOGOUT, MessageUtils.getMessageType(lastToAdminMessage.toString()));
+            assertTrue(lastToAdminMessage.getString(Text.FIELD).contains("Invalid DefaultApplVerID=33"));
+        }
+    }
+
     @Test
     public void testMessageBeforeLogon() throws Exception {
         IoSession mockIoSession = mock(IoSession.class);