Posted to dev@qpid.apache.org by "Wesley Holevinski (JIRA)" <ji...@apache.org> on 2014/06/23 16:11:24 UTC
[jira] [Commented] (QPID-5833) Message's userId check in C++ broker
prevents sending messages between different users
[ https://issues.apache.org/jira/browse/QPID-5833?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14040778#comment-14040778 ]
Wesley Holevinski commented on QPID-5833:
-----------------------------------------
The issue was fixed by clearing out the userId; I left it open because I wasn't sure if the behavior was by design. It sounds like it is though.
Thanks again for the help!
> Message's userId check in C++ broker prevents sending messages between different users
> --------------------------------------------------------------------------------------
>
> Key: QPID-5833
> URL: https://issues.apache.org/jira/browse/QPID-5833
> Project: Qpid
> Issue Type: Bug
> Affects Versions: 0.28
> Reporter: Wesley Holevinski
> Attachments: qpid_5833_steps.tgz
>
>
> The lines in question are :
> {noformat}
> df36b35e qpid/cpp/src/qpid/broker/SemanticState.cpp (Gordon Sim 2012-08-10 12:04:27 +0000 490) std::string id = msg.getUserId();
> ae0f6726 qpid/cpp/src/qpid/broker/SemanticState.cpp (Alan Conway 2011-12-06 15:56:40 +0000 491) if (authMsg && !id.empty() && !session.getConnection().isAuthenticatedUser(id))
> 63f48b2f qpid/cpp/src/qpid/broker/SemanticState.cpp (Rajith Muditha Attapattu 2008-09-25 18:40:32 +0000 492) {
> d7c67754 qpid/cpp/src/qpid/broker/SemanticState.cpp (Gordon Sim 2008-10-10 16:54:54 +0000 493) QPID_LOG(debug, "authorised user id : " << userID << " but user id in message declared as " << id);
> d7c67754 qpid/cpp/src/qpid/broker/SemanticState.cpp (Gordon Sim 2008-10-10 16:54:54 +0000 494) throw UnauthorizedAccessException(QPID_MSG("authorised user id : " << userID << " but user id in messag
> 63f48b2f qpid/cpp/src/qpid/broker/SemanticState.cpp (Rajith Muditha Attapattu 2008-09-25 18:40:32 +0000 495) }
> {noformat}
> ---
> Up until this point, we haven't been using a JMS client; we've found that the JMS client will insert the userId into the message:
> {noformat}
> d4d85f06 (Rajith Muditha Attapattu 2008-09-25 18:35:11 +0000 117) // On the receiving side, this will be read in to the JMSXUserID as well.
> dd2ed172 (Rajith Muditha Attapattu 2008-10-01 19:27:19 +0000 118) messageProps.setUserId(userIDBytes);
> d4d85f06 (Rajith Muditha Attapattu 2008-09-25 18:35:11 +0000 119)
> 21c61b77 (Rafael H. Schloming 2008-07-09 13:26:54 +0000 120) if (messageId != null)
> 21c61b77 (Rafael H. Schloming 2008-07-09 13:26:54 +0000 121) {
> 21c61b77 (Rafael H. Schloming 2008-07-09 13:26:54 +0000 122) messageProps.setMessageId(messageId);
> 21c61b77 (Rafael H. Schloming 2008-07-09 13:26:54 +0000 123) }
> {noformat}
> ---
> Our scenario:
> 1. Send message to a broker using the JMS client; authenticate as user: 'tester'
> 2. Consume message from destination queue as user 'mgmt'
> {noformat}
> Result: "unauthorized-access: authorised user id : mgmt@QPID but user id in message declared as tester (/builddir/build/BUILD/qpid-0.28-rc2/cpp/src/qpid/broker/SemanticState.cpp:497"
> {noformat}
> ---
> I'll work on providing a full end to end simple example for this.
> ---
> Per Gordon in the mailing list:
> That error occurs in the broker when a message is sent by a client. So I
> suspect what may be happening is that your c++ client is receiving the
> message from JMS, then sending the same message back (including the
> userid of the JMS client that originally sent it).
> If I'm right, all you need to do is clear the message in the c++ client,
> before resending it (using Message::setUserId()).
> ---
> See attached tgz for quick and dirty reproduction steps, c++ client, and jms client. Setup in README
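The check quoted from SemanticState.cpp and the suggested fix of clearing the userId before resending, as an added self-contained model (not Qpid's code and not part of the thread). `Message`, `Connection`, `publish` and `forward` are hypothetical stand-ins, and the rule that an id matches either `user@realm` or the bare user name is an assumption.

```cpp
#include <iostream>
#include <stdexcept>
#include <string>

// Simplified stand-in for a message: only the fields this check touches.
struct Message {
    std::string userId;  // user-id property stamped by the publishing client
    std::string body;
};

// Simplified stand-in for an authenticated connection (hypothetical type).
struct Connection {
    std::string userName;  // e.g. "mgmt"
    std::string realm;     // e.g. "QPID"
    // Assumption: an id matches if it is "user@realm" or the bare user name.
    bool isAuthenticatedUser(const std::string& id) const {
        return id == userName + "@" + realm || id == userName;
    }
};

// Mirrors the quoted condition: an empty userId is accepted, a non-empty one
// must belong to the connection that is publishing the message.
void publish(const Connection& conn, const Message& msg, bool authMsg = true) {
    const std::string& id = msg.userId;
    if (authMsg && !id.empty() && !conn.isAuthenticatedUser(id))
        throw std::runtime_error("unauthorized-access: authorised user id : " +
            conn.userName + "@" + conn.realm +
            " but user id in message declared as " + id);
}

// Forwarding client: optionally clears the inherited userId before resending.
bool forward(const Connection& conn, Message received, bool clearUserId) {
    if (clearUserId) received.userId.clear();
    try { publish(conn, received); return true; }
    catch (const std::runtime_error& e) { std::cerr << e.what() << "\n"; return false; }
}

int main() {
    Connection mgmt{"mgmt", "QPID"};
    Message fromJms{"tester", "payload"};  // constructed sample: stamped by the JMS sender
    std::cout << "resend as-is:   " << forward(mgmt, fromJms, false) << "\n";
    std::cout << "userId cleared: " << forward(mgmt, fromJms, true) << "\n";
    return 0;
}
```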