Posted to issues@activemq.apache.org by "Clebert Suconic (Jira)" <ji...@apache.org> on 2020/11/03 01:18:01 UTC
[jira] [Closed] (ARTEMIS-2893) Concurrent user admin actions can corrupt properties
[ https://issues.apache.org/jira/browse/ARTEMIS-2893?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Clebert Suconic closed ARTEMIS-2893.
------------------------------------
> Concurrent user admin actions can corrupt properties
> ----------------------------------------------------
>
> Key: ARTEMIS-2893
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2893
> Project: ActiveMQ Artemis
> Issue Type: Bug
> Reporter: Justin Bertram
> Assignee: Justin Bertram
> Priority: Major
> Fix For: 2.16.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> When performing concurrent user admin actions (e.g. {{resetUser}}, {{addUser}}, {{removeUser}} on {{ActiveMQServerControl}}) when using the {{PropertiesLoginModule}} with {{reload=true}}, the underlying user and role properties files can get corrupted.
> Run this script:
> {code:java}
> #!/bin/bash
> for i in {1..5}
> do
>    # remove myuser
>    curl -k --user admin:admin -H "Origin: http://localhost:8161" "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/removeUser(java.lang.String)/myuser" &
>
>    # create user 'myuser' with password 'mypassword'
>    curl -k --user admin:admin -H "Origin: http://localhost:8161" "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/addUser(java.lang.String,java.lang.String,java.lang.String,boolean)/myuser/mypassword//false" &
>
>    # add role 'myrole' to 'myuser'
>    curl -k --user admin:admin -H "Origin: http://localhost:8161" "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/resetUser(java.lang.String,java.lang.String,java.lang.String)/myuser/mypassword/myrole" &
>
>    # perform read operation as admin user, just to see if we can connect
>    curl -k --user admin:admin -H "Origin: http://localhost:8161" "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/listNetworkTopology()" &
> done
> {code}
> Sometimes the following logs will be encountered in the broker (note that the test does not remove/add admin):
> {code:java}
> 2020-09-01 14:35:28,398 WARN [io.hawt.system.Authenticator] Login failed due to: User does not exist: admin
> {code}
> The script may need to be run multiple times to trigger the {{WARN}}.
> Examination, in this case, of artemis-roles.properties shows:
> {code:java}
> $ cat etc/artemis-roles.properties | grep -v '#'
> amq = admin
> = myuser
> {code}
> Multiple variations of the corruption may occur.
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
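
An integrity check for the two properties files, added here as an example and not part of the original report or the Artemis code base: it flags the empty-key line quoted above and a missing `admin` entry. It assumes simple `key = value` lines with the roles file mapping a role to a comma-separated user list; the function names and the users-file contents are constructed for illustration.

```python
"""Integrity check for PropertiesLoginModule user/role files (added example)."""

def parse(text):
    """Return (entries, problems) for simple `key = value` property lines."""
    entries, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or comment
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if not sep:
            problems.append(f"line {n}: no '=' separator: {raw!r}")
        elif not key:
            problems.append(f"line {n}: empty key: {raw!r}")
        elif key in entries:
            problems.append(f"line {n}: duplicate key {key!r}")
        else:
            entries[key] = value
    return entries, problems


def check(users_text, roles_text, required_users=("admin",)):
    """Cross-check both files; an empty result means no corruption was found."""
    users, user_problems = parse(users_text)
    roles, role_problems = parse(roles_text)
    problems = [f"users: {p}" for p in user_problems]
    problems += [f"roles: {p}" for p in role_problems]
    for user in required_users:
        if user not in users:
            problems.append(f"users: required account {user!r} is missing")
    for role, members in roles.items():
        for member in filter(None, (m.strip() for m in members.split(","))):
            if member not in users:
                problems.append(f"roles: {role!r} lists unknown user {member!r}")
    return problems


# Constructed samples. ROLES_CORRUPT is the content quoted in the report;
# the users entries and passwords are made up for illustration.
USERS_OK = "admin = adminpw\nmyuser = mypassword\n"
ROLES_OK = "amq = admin\nmyrole = myuser\n"
ROLES_CORRUPT = "amq = admin\n= myuser\n"
USERS_CORRUPT = "myuser = mypassword\n"  # admin entry lost

if __name__ == "__main__":
    for finding in check(USERS_CORRUPT, ROLES_CORRUPT):
        print(finding)
```

Running a check like this after each batch of user-admin calls catches the variations where the broker log stays quiet because no login has been attempted yet.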