Posted to issues@activemq.apache.org by "Alexander (Jira)" <ji...@apache.org> on 2022/01/24 16:51:00 UTC

[jira] [Created] (ARTEMIS-3656) Client session limit is evaluated incorrectly for ssl connections

Alexander created ARTEMIS-3656:
----------------------------------

             Summary: Client session limit is evaluated incorrectly for ssl connections
                 Key: ARTEMIS-3656
                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3656
             Project: ActiveMQ Artemis
          Issue Type: Bug
    Affects Versions: 2.17.0
            Reporter: Alexander


Client session limit is evaluated incorrectly for ssl connections.

For authentication, the org.apache.activemq.artemis.spi.core.security.jaas.TextFileCertificateLoginModule module is used (clients do not specify a user and password to create connections).

In this case, the user can enter any other user, and the connection count check will be performed for the specified user (so validatedUser must be used).

The problem is in the org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl#getSessionCountForUser method - the check is not based on the validatedUser, but on the user (which users do not enter); as a result we get a NullPointerException in the code below.
private int getSessionCountForUser(String username) {
   int sessionCount = 0;
   for (Entry<String, ServerSession> sessionEntry : sessions.entrySet()) {
      if (sessionEntry.getValue().getUsername().equals(username)) { // change to sessionEntry.getValue().getValidatedUser()....
         sessionCount++;
      }
   }
   return sessionCount;
}


Files in etc folder:

1) login.config

....

CertLogin {
    org.apache.activemq.artemis.spi.core.security.jaas.TextFileCertificateLoginModule requisite
        debug=false
        reload=true
        org.apache.activemq.jaas.textfiledn.user="cert-users.properties"
        org.apache.activemq.jaas.textfiledn.role="cert-roles.properties";
};

....

2) broker.xml:

....    

<resource-limit-settings>
      <resource-limit-setting match="user1">
        <max-connections>5</max-connections>
      </resource-limit-setting>
    </resource-limit-settings>

    <acceptors>
      <acceptor name="artemis">tcp://0.0.0.0:60001?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;amqpMinLargeMessageSize=102400;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpDuplicateDetection=true;sslEnabled=true;keyStorePath=/app/artemis/ssl/artemis_server_gw.jks;trustStorePath=/app/artemis/ssl/artemis_server_gw.jks;keyStorePassword=secret;trustStorePassword=secret;enabledCipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA256;enabledProtocols=TLSv1.2;needClientAuth=true</acceptor>
    </acceptors>

....
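The behaviour described in the report, reproduced as an added example that is not Artemis code and not the reporter's: a small stand-in for the broker's session map (the class names FakeServerSession, SessionLimitCheckDemo, addSession, countByUsername and countByValidatedUser are all constructed for this illustration) shows why a per-user connection limit that compares the client-supplied username breaks for certificate-authenticated sessions, and how comparing the validated user instead keeps the resource-limit-setting for user1 enforceable.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;

public class SessionLimitCheckDemo {

    // Constructed stand-in for ServerSession: only the two accessors
    // relevant to the report are modelled.
    static final class FakeServerSession {
        private final String username;       // what the client put in the connection (may be null)
        private final String validatedUser;  // what the login module actually authenticated

        FakeServerSession(String username, String validatedUser) {
            this.username = username;
            this.validatedUser = validatedUser;
        }

        String getUsername() { return username; }

        String getValidatedUser() { return validatedUser; }
    }

    private final Map<String, FakeServerSession> sessions = new HashMap<>();

    void addSession(String id, String username, String validatedUser) {
        sessions.put(id, new FakeServerSession(username, validatedUser));
    }

    // Same shape as the check quoted in the report: it compares the client-supplied
    // username, so it throws NullPointerException for certificate logins that carry
    // no username, and it counts a session under whatever name the client chose.
    int countByUsername(String username) {
        int sessionCount = 0;
        for (FakeServerSession s : sessions.values()) {
            if (s.getUsername().equals(username)) {
                sessionCount++;
            }
        }
        return sessionCount;
    }

    // The correction the report suggests: compare the validated (authenticated) user.
    // Objects.equals keeps the check null-safe for anonymous sessions.
    int countByValidatedUser(String validatedUser) {
        int sessionCount = 0;
        for (FakeServerSession s : sessions.values()) {
            if (Objects.equals(s.getValidatedUser(), validatedUser)) {
                sessionCount++;
            }
        }
        return sessionCount;
    }

    public static void main(String[] args) {
        SessionLimitCheckDemo broker = new SessionLimitCheckDemo();

        // Constructed sessions: two certificate logins with no username, and one that
        // supplied an unrelated username; the login module mapped all three to user1.
        broker.addSession("s1", null, "user1");
        broker.addSession("s2", null, "user1");
        broker.addSession("s3", "someone-else", "user1");

        // Validated-user check sees all three sessions against the user1 limit.
        System.out.println("sessions counted for user1 (validatedUser): "
                + broker.countByValidatedUser("user1"));

        // Username check fails outright because s1/s2 carry no username.
        try {
            System.out.println("sessions counted for user1 (username): "
                    + broker.countByUsername("user1"));
        } catch (NullPointerException e) {
            System.out.println("username-based check threw NullPointerException: "
                    + "certificate sessions carry no username");
        }
    }
}
```

Even without the null case, the username-based count would attribute s3 to "someone-else", so the max-connections value configured for user1 in broker.xml would never be reached by a client that chose a different username; the validated user is the only identity the broker actually established, and it is the one a per-user limit has to count.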



--
This message was sent by Atlassian Jira
(v8.20.1#820001)