You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by cl...@apache.org on 2021/07/12 15:28:19 UTC
[activemq-artemis] 02/02: ARTEMIS-3381 AMQP bypasses session when
deleting queues
This is an automated email from the ASF dual-hosted git repository.
clebertsuconic pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git
commit ec508d8306b8e0db5dcdbf8c26a0f480608d97dc
Author: Justin Bertram <jb...@apache.org>
AuthorDate: Thu Jul 8 20:01:44 2021 -0500
ARTEMIS-3381 AMQP bypasses session when deleting queues
The AMQP implementation bypasses the ServerSession when deleting queues
which also bypasses security authorization.
---
.../protocol/amqp/broker/AMQPSessionCallback.java | 2 +-
.../integration/server/SecureConfigurationTest.java | 19 ++++++++++++++++++-
.../src/test/resources/multicast_topic.xml | 6 +++---
3 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/broker/AMQPSessionCallback.java b/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/broker/AMQPSessionCallback.java
index 9be3858..82dbec7 100644
--- a/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/broker/AMQPSessionCallback.java
+++ b/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/broker/AMQPSessionCallback.java
@@ -642,7 +642,7 @@ public class AMQPSessionCallback implements SessionCallback {
}
public void deleteQueue(SimpleString queueName) throws Exception {
- manager.getServer().destroyQueue(queueName);
+ serverSession.deleteQueue(queueName);
}
public void resetContext(OperationContext oldContext) {
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/server/SecureConfigurationTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/server/SecureConfigurationTest.java
index 87adf23..7d6e802 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/server/SecureConfigurationTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/server/SecureConfigurationTest.java
@@ -120,7 +120,7 @@ public class SecureConfigurationTest extends ActiveMQTestBase {
}
@Test
- public void testSecureDurableSubscriber() throws Exception {
+ public void testCreateSecureDurableSubscriber() throws Exception {
ConnectionFactory connectionFactory = getConnectionFactory("b", "b");
String message = "blah";
@@ -137,6 +137,23 @@ public class SecureConfigurationTest extends ActiveMQTestBase {
}
@Test
+ public void testDeleteSecureDurableSubscriber() throws Exception {
+ ConnectionFactory connectionFactory = getConnectionFactory("c", "c");
+ String message = "blah";
+
+ //Expect to be able to create durable queue for subscription
+ String messageRecieved = sendAndReceiveTextUsingTopic(connectionFactory, "clientId", message, "secured_topic_durable", (t, s) -> s.createDurableSubscriber(t, "secured_topic_durable/non-existant-queue"));
+ Assert.assertEquals(message, messageRecieved);
+
+ try {
+ sendAndReceiveTextUsingTopic(connectionFactory, "clientId", message, "secured_topic_durable", (t, s) -> s.createDurableSubscriber(t, "secured_topic_durable/non-existant-queue", "age > 10", false));
+ Assert.fail("Security exception expected, but did not occur, excepetion expected as not permissioned to dynamically delete queue");
+ } catch (JMSSecurityException j) {
+ //Expected exception
+ }
+ }
+
+ @Test
public void testTemporaryQueue() throws Exception {
ConnectionFactory connectionFactory = getConnectionFactory("a", "a");
String message = "blah";
diff --git a/tests/integration-tests/src/test/resources/multicast_topic.xml b/tests/integration-tests/src/test/resources/multicast_topic.xml
index a4891d0..009b3e8 100644
--- a/tests/integration-tests/src/test/resources/multicast_topic.xml
+++ b/tests/integration-tests/src/test/resources/multicast_topic.xml
@@ -127,11 +127,11 @@ under the License.
<security-setting match="secured_topic_durable">
<permission type="createNonDurableQueue" roles="a"/>
<permission type="deleteNonDurableQueue" roles="a"/>
- <permission type="createDurableQueue" roles="a"/>
+ <permission type="createDurableQueue" roles="a,c"/>
<permission type="deleteDurableQueue" roles="a"/>
<permission type="browse" roles="a"/>
- <permission type="send" roles="a,b"/>
- <permission type="consume" roles="a,b" />
+ <permission type="send" roles="a,b,c"/>
+ <permission type="consume" roles="a,b,c" />
<!-- we need this otherwise ./artemis data imp wouldn't work -->
<permission type="manage" roles="a"/>
</security-setting>