You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "Clebert Suconic (Jira)" <ji...@apache.org> on 2020/11/03 01:18:01 UTC
[jira] [Closed] (ARTEMIS-2893) Concurrent user admin actions can corrupt properties

     [ https://issues.apache.org/jira/browse/ARTEMIS-2893?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Clebert Suconic closed ARTEMIS-2893.
------------------------------------

> Concurrent user admin actions can corrupt properties
> ----------------------------------------------------
>
>                 Key: ARTEMIS-2893
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-2893
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>            Reporter: Justin Bertram
>            Assignee: Justin Bertram
>            Priority: Major
>             Fix For: 2.16.0
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> When performing concurrent user admin actions (e.g. {{resetUser}}, {{addUser}}, {{removeUser}} on {{ActiveMQServerControl}}) when using the {{PropertiesLoginModule}} with {{reload=true}} the underlying user and role properties files can get corrupted.
> Run this script:
> {code:java}
> #!/bin/bash
> for i in {1..5}
> do
>         # remove myuser
>         curl -k --user admin:admin -H "Origin: http://localhost:8161" "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/removeUser(java.lang.String)/myuser" &      
>   
>         # create user 'myuser' with password 'mypassword'
>         curl -k --user admin:admin -H "Origin: http://localhost:8161" "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/addUser(java.lang.String,java.lang.String,java.lang.String,boolean)/myuser/mypassword//false" & 
>        
>         # add role 'myrole' to 'myuser'
>         curl -k --user admin:admin -H "Origin: http://localhost:8161" "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/resetUser(java.lang.String,java.lang.String,java.lang.String)/myuser/mypassword/myrole" &       
>         # perform read operation as admin user, just to see if we can connect
>         curl -k --user admin:admin -H "Origin: http://localhost:8161" "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/listNetworkTopology()" &
> done
> {code}
> Sometimes the following logs will be encountered in the broker (note that the test does not remove/add admin):
> {code:java}
> 2020-09-01 14:35:28,398 WARN [io.hawt.system.Authenticator] Login failed due to: User does not exist: admin{code}
> The script may need to be run multiple times to trigger the {{WARN}}.
> Examination, in this case, of artemis-roles.properties shows:
> {code:java}
> $ cat etc/artemis-roles.properties | grep -v '#'
> amq = admin
>  = myuser
> {code}
> Multiple variations of the corruption may occur.
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)