Posted to issues@activemq.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2018/10/03 15:13:00 UTC
[jira] [Commented] (ARTEMIS-1545) JMS MessageProducer fails to
expose exception on send when message is sent non-persistent, but not
authorised
[ https://issues.apache.org/jira/browse/ARTEMIS-1545?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16637064#comment-16637064 ]
ASF GitHub Bot commented on ARTEMIS-1545:
-----------------------------------------
Github user clebertsuconic commented on a diff in the pull request:
https://github.com/apache/activemq-artemis/pull/2187#discussion_r222350527
--- Diff: artemis-core-client/src/main/resources/activemq-version.properties ---
@@ -20,4 +20,4 @@ activemq.version.minorVersion=${activemq.version.minorVersion}
activemq.version.microVersion=${activemq.version.microVersion}
activemq.version.incrementingVersion=${activemq.version.incrementingVersion}
activemq.version.versionTag=${activemq.version.versionTag}
-activemq.version.compatibleVersionList=121,122,123,124,125,126,127,128,129
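Review bot: the removed `activemq.version.compatibleVersionList` line at the end of this hunk has no replacement visible, although the `@@ -20,4 +20,4 @@` header counts four lines on both sides, so a `+` line should follow it. Before merging, check that the replacement list still contains 121 through 129, so that no version currently listed as compatible is dropped. The PR description should also state why a fix for ARTEMIS-1545 needs to touch the compatible version list.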
--- End diff --
@michaelandrepearce I would say end of the year.. I wanted to fix large messages in AMQP first
that doesn't prevent you from cherry-picking the fix on another branch. I know you use Red Hat's downstream version.. this could be cherry-picked.
> JMS MessageProducer fails to expose exception on send when message is sent non-persistent, but not authorised
> -------------------------------------------------------------------------------------------------------------
>
> Key: ARTEMIS-1545
> URL: https://issues.apache.org/jira/browse/ARTEMIS-1545
> Project: ActiveMQ Artemis
> Issue Type: Bug
> Affects Versions: 2.6.3
> Reporter: Michael Andre Pearce
> Priority: Major
> Fix For: 2.7.0
>
>
> When sending persistent, behaviour is blocking and a Security exception is thrown. The same behaviour that the client is exposed to the client when sending non-persistent, so that a client could log or take action asynchronously.
> This can be recreated easily by the following:
> Add the following security section, that means guest is not auth'd to send to "guest.cannot.send"
> activemq-artemis/tests/jms-tests/src/test/resources/broker.xml
> <security-setting match="guest.cannot.send">
>     <permission type="createDurableQueue" roles="guest,def"/>
>     <permission type="deleteDurableQueue" roles="guest,def"/>
>     <permission type="createNonDurableQueue" roles="guest,def"/>
>     <permission type="deleteNonDurableQueue" roles="guest,def"/>
>     <permission type="consume" roles="guest,def"/>
>     <permission type="browse" roles="guest,def"/>
>     <permission type="send" roles="def"/>
> </security-setting>
> Then add the following tests to this test (first is proving exception correctly is thrown when persistent is sent using jms api, and second shows behaviour difference and no error):
> activemq-artemis/tests/jms-tests/src/test/java/org/apache/activemq/artemis/jms/tests/SecurityTest.java
> /**
>  * Login with valid user and password
>  * But try send to address not authorised - Persistent
>  * Should not allow and should throw exception
>  */
> @Test
> public void testLoginValidUserAndPasswordButNotAuthorisedToSend() throws Exception {
>     ConnectionFactory connectionFactory = new ActiveMQConnectionFactory("tcp://localhost:61616");
>     Connection connection = connectionFactory.createConnection("guest", "guest");
>     Session session = connection.createSession();
>     Destination destination = session.createQueue("guest.cannot.send");
>     MessageProducer messageProducer = session.createProducer(destination);
>     try {
>         messageProducer.send(session.createTextMessage("hello"));
>         fail("JMSSecurityException expected as guest is not allowed to send");
>     } catch (JMSSecurityException activeMQSecurityException) {
>         // pass
>     }
>     connection.close();
> }
>
> /**
>  * Login with valid user and password
>  * But try send to address not authorised - Non Persistent.
>  * Should have same behaviour as Persistent with exception on send.
>  */
> @Test
> public void testLoginValidUserAndPasswordButNotAuthorisedToSendNonPersistent() throws Exception {
>     ConnectionFactory connectionFactory = new ActiveMQConnectionFactory("tcp://localhost:61616");
>     Connection connection = connectionFactory.createConnection("guest", "guest");
>     Session session = connection.createSession();
>     Destination destination = session.createQueue("guest.cannot.send");
>     MessageProducer messageProducer = session.createProducer(destination);
>     messageProducer.setDeliveryMode(DeliveryMode.NON_PERSISTENT);
>     try {
>         messageProducer.send(session.createTextMessage("hello"));
>         fail("JMSSecurityException expected as guest is not allowed to send");
>     } catch (JMSSecurityException activeMQSecurityException) {
>         // pass
>     }
>     connection.close();
> }