You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@rocketmq.apache.org by GitBox <gi...@apache.org> on 2022/10/14 03:58:20 UTC
[GitHub] [rocketmq] sinrimin opened a new issue, #5310: Admin tool queryMessage signature check failed
sinrimin opened a new issue, #5310:
URL: https://github.com/apache/rocketmq/issues/5310
## Broker logs:
```
org.apache.rocketmq.acl.common.AclException: Check signature failed for accessKey=dashboard
at org.apache.rocketmq.acl.plain.PlainPermissionManager.validate(PlainPermissionManager.java:683)
at org.apache.rocketmq.acl.plain.PlainAccessValidator.validate(PlainAccessValidator.java:151)
at org.apache.rocketmq.broker.BrokerController$2.doBeforeRequest(BrokerController.java:522)
at org.apache.rocketmq.remoting.netty.NettyRemotingAbstract.doBeforeRpcHooks(NettyRemotingAbstract.java:172)
at org.apache.rocketmq.remoting.netty.NettyRemotingAbstract$1.run(NettyRemotingAbstract.java:203)
at org.apache.rocketmq.remoting.netty.RequestTask.run(RequestTask.java:80)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:750)
```
## Probable cause:
Borker signature check excluded extFields name by "_UNIQUE_KEY_QUERY", but admin tool did not.
PlainAccessValidator.java:141
```java
// Content
SortedMap<String, String> map = new TreeMap<String, String>();
for (Map.Entry<String, String> entry : request.getExtFields().entrySet()) {
if (!SessionCredentials.SIGNATURE.equals(entry.getKey())
&& !MixAll.UNIQUE_MSG_QUERY_FLAG.equals(entry.getKey())) {
map.put(entry.getKey(), entry.getValue());
}
}
accessResource.setContent(AclUtils.combineRequestContent(request, map));
```
AclClientRPCHook.java:54
```java
protected SortedMap<String, String> parseRequestContent(RemotingCommand request) {
request.makeCustomHeaderToNet();
Map<String, String> extFields = request.getExtFields();
// Sort property
return new TreeMap<String, String>(extFields);
}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@rocketmq.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [rocketmq] echooymxq commented on issue #5310: Admin tool queryMessage signature check failed
Posted by GitBox <gi...@apache.org>.
echooymxq commented on issue #5310:
URL: https://github.com/apache/rocketmq/issues/5310#issuecomment-1278614328
In fact, I don't know why need to exclude the `UNIQUE_MSG_QUERY_FLAG `, about this https://github.com/apache/rocketmq/pull/1756 ? @zhangjidi2016
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@rocketmq.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [rocketmq] zhangjidi2016 commented on issue #5310: Admin tool queryMessage signature check failed
Posted by GitBox <gi...@apache.org>.
zhangjidi2016 commented on issue #5310:
URL: https://github.com/apache/rocketmq/issues/5310#issuecomment-1278719100
Before this patch (https://github.com/apache/rocketmq/commit/a4a53706329f8b26650978bcd6319dbffd7bb4ed) ,The additional attribute UNIQUE_MSG_QUERY_FLAG is added to the request extField when the message is queried, which causes inconsistency when the signature is computed between the client and the server,so the property is removed when the server computes signature.
Now this line code could be removed, I will fix it later.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@rocketmq.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [I] Admin tool queryMessage signature check failed [rocketmq]
Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] closed issue #5310: Admin tool queryMessage signature check failed
URL: https://github.com/apache/rocketmq/issues/5310
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@rocketmq.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [I] Admin tool queryMessage signature check failed [rocketmq]
Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] commented on issue #5310:
URL: https://github.com/apache/rocketmq/issues/5310#issuecomment-1763215301
This issue is stale because it has been open for 365 days with no activity. It will be closed in 3 days if no further activity occurs.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@rocketmq.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [rocketmq] sinrimin commented on issue #5310: Admin tool queryMessage signature check failed
Posted by GitBox <gi...@apache.org>.
sinrimin commented on issue #5310:
URL: https://github.com/apache/rocketmq/issues/5310#issuecomment-1278801166
@zhangjidi2016 Removing that line may cause the `rocketmq-tools version<=4.9.3` signature check to fail.:joy_cat:
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@rocketmq.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [rocketmq] echooymxq commented on issue #5310: Admin tool queryMessage signature check failed
Posted by GitBox <gi...@apache.org>.
echooymxq commented on issue #5310:
URL: https://github.com/apache/rocketmq/issues/5310#issuecomment-1278765681
@zhangjidi2016 I got it. Thank your answer.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@rocketmq.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [I] Admin tool queryMessage signature check failed [rocketmq]
Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] commented on issue #5310:
URL: https://github.com/apache/rocketmq/issues/5310#issuecomment-1769662516
This issue was closed because it has been inactive for 3 days since being marked as stale.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@rocketmq.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org