Posted to issues@activemq.apache.org by "Justin Bertram (Jira)" <ji...@apache.org> on 2023/01/19 19:23:00 UTC

[jira] [Updated] (ARTEMIS-4137) MQTT subscription queue clean-up can fail due to security

     [ https://issues.apache.org/jira/browse/ARTEMIS-4137?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Justin Bertram updated ARTEMIS-4137:
------------------------------------
    Description: 
When an MQTT subscriber disconnects, the automated queue clean-up can fail if the subscriber didn't have authorization to delete the queue, e.g.:
{noformat}
ERROR [org.apache.activemq.artemis.core.protocol.mqtt] AMQ834000: Error removing subscription.
org.apache.activemq.artemis.api.core.ActiveMQSecurityException: AMQ229213: User: noDelete does not have permission='DELETE_DURABLE_QUEUE' for queue foo on address foo
	at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.check(SecurityStoreImpl.java:307) ~[classes/:?]
	at org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.destroyQueue(ActiveMQServerImpl.java:2448) ~[classes/:?]
	at org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.destroyQueue(ActiveMQServerImpl.java:2421) ~[classes/:?]
	at org.apache.activemq.artemis.core.server.impl.ServerSessionImpl.deleteQueue(ServerSessionImpl.java:1186) ~[classes/:?]
	at org.apache.activemq.artemis.core.protocol.mqtt.MQTTSubscriptionManager.removeSubscription(MQTTSubscriptionManager.java:297) ~[classes/:?]
	at org.apache.activemq.artemis.core.protocol.mqtt.MQTTSubscriptionManager.clean(MQTTSubscriptionManager.java:376) ~[classes/:?]
	at org.apache.activemq.artemis.core.protocol.mqtt.MQTTSession.clean(MQTTSession.java:226) ~[classes/:?]
	at org.apache.activemq.artemis.core.protocol.mqtt.MQTTSession.stop(MQTTSession.java:135) ~[classes/:?]
	at org.apache.activemq.artemis.core.protocol.mqtt.MQTTConnectionManager.disconnect(MQTTConnectionManager.java:185) ~[classes/:?]
	at org.apache.activemq.artemis.core.protocol.mqtt.MQTTProtocolHandler.disconnect(MQTTProtocolHandler.java:278) ~[classes/:?]
	at org.apache.activemq.artemis.core.protocol.mqtt.MQTTProtocolHandler.act(MQTTProtocolHandler.java:182) ~[classes/:?]
	at org.apache.activemq.artemis.utils.actors.Actor.doTask(Actor.java:32) ~[classes/:?]
	at org.apache.activemq.artemis.utils.actors.ProcessorBase.executePendingTasks(ProcessorBase.java:68) ~[classes/:?]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[?:?]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[?:?]
	at org.apache.activemq.artemis.utils.ActiveMQThreadFactory$1.run(ActiveMQThreadFactory.java:118) ~[classes/:?]
{noformat}
This can lead to unwanted message accumulation and impact broker performance. The broker should delete the queue without regard to security authorization in this case.

> MQTT subscription queue clean-up can fail due to security
> ---------------------------------------------------------
>
>                 Key: ARTEMIS-4137
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-4137
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>            Reporter: Justin Bertram
>            Assignee: Justin Bertram
>            Priority: Major



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
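
Added example, not part of the original message and not code from the Artemis project: a log scan that pairs each AMQ834000 "Error removing subscription" event with the AMQ229213 denial on the following line, so an operator can list the MQTT subscription queues that were left behind. The function name, the sample users and queues other than noDelete/foo, and the assumption that the cause line directly follows the AMQ834000 line (as in the excerpt above) are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the log excerpt in the issue description.
SAMPLE_LOG = """\
ERROR [org.apache.activemq.artemis.core.protocol.mqtt] AMQ834000: Error removing subscription.
org.apache.activemq.artemis.api.core.ActiveMQSecurityException: AMQ229213: User: noDelete does not have permission='DELETE_DURABLE_QUEUE' for queue foo on address foo
\tat org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.check(SecurityStoreImpl.java:307) ~[classes/:?]
ERROR [org.apache.activemq.artemis.core.protocol.mqtt] AMQ834000: Error removing subscription.
org.apache.activemq.artemis.api.core.ActiveMQSecurityException: AMQ229213: User: sensor7 does not have permission='DELETE_DURABLE_QUEUE' for queue sensor7.telemetry on address telemetry
org.apache.activemq.artemis.api.core.ActiveMQSecurityException: AMQ229213: User: other does not have permission='DELETE_DURABLE_QUEUE' for queue bar on address bar
ERROR [org.apache.activemq.artemis.core.protocol.mqtt] AMQ834000: Error removing subscription.
org.apache.activemq.artemis.api.core.ActiveMQSecurityException: AMQ229213: User: noDelete does not have permission='DELETE_DURABLE_QUEUE' for queue foo on address foo
"""

# Field layout taken from the AMQ229213 line quoted in the issue.
DENIED = re.compile(
    r"AMQ229213: User: (?P<user>\S+) does not have "
    r"permission='(?P<perm>[A-Z_]+)' for queue (?P<queue>.+?) on address (?P<address>.+)$"
)

def find_failed_cleanups(log_text):
    """Return {(queue, address): {"users": set, "count": int}} for delete
    denials that directly follow an AMQ834000 line; other denials are ignored."""
    hits = defaultdict(lambda: {"users": set(), "count": 0})
    armed = False  # True only for the line right after an AMQ834000 event
    for line in log_text.splitlines():
        if "AMQ834000" in line:
            armed = True
            continue
        if armed:
            m = DENIED.search(line)
            if m and m["perm"].startswith("DELETE_"):
                entry = hits[(m["queue"], m["address"])]
                entry["users"].add(m["user"])
                entry["count"] += 1
        armed = False
    return dict(hits)

if __name__ == "__main__":
    for (queue, address), info in sorted(find_failed_cleanups(SAMPLE_LOG).items()):
        print(f"queue={queue} address={address} users={sorted(info['users'])} failures={info['count']}")
```

Queues reported here are candidates for a message-count check and manual removal by an administrator on brokers that still have this bug.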