You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by jb...@apache.org on 2022/07/20 16:36:35 UTC

[activemq-artemis] branch main updated: ARTEMIS-3892 fix tests, add docs

This is an automated email from the ASF dual-hosted git repository.

jbertram pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git


The following commit(s) were added to refs/heads/main by this push:
     new a2262612ca ARTEMIS-3892 fix tests, add docs
a2262612ca is described below

commit a2262612ca5169a4e4c07454ba3f09012e02cada
Author: Justin Bertram <jb...@apache.org>
AuthorDate: Wed Jul 20 11:35:15 2022 -0500

    ARTEMIS-3892 fix tests, add docs
---
 .../core/server/impl/ServerSessionImpl.java        |  6 ++++-
 docs/user-manual/en/versions.md                    | 26 +++++++++++++++++-----
 .../management/ActiveMQServerControlTest.java      |  2 +-
 3 files changed, 26 insertions(+), 8 deletions(-)

diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java
index eefb0c2c8f..5057d362e1 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java
@@ -1996,7 +1996,11 @@ public class ServerSessionImpl implements ServerSession, FailureListener {
 
    @Override
    public String getValidatedUser() {
-      return validatedUser;
+      /*
+       * Security is often disabled in tests so if the validated user is null
+       * then just return the username supplied directly from the client.
+       */
+      return validatedUser != null ? validatedUser : username;
    }
 
    @Override
diff --git a/docs/user-manual/en/versions.md b/docs/user-manual/en/versions.md
index 63e18252b8..69a5dbd4e3 100644
--- a/docs/user-manual/en/versions.md
+++ b/docs/user-manual/en/versions.md
@@ -16,12 +16,26 @@ Highlights:
 
 #### Upgrading from older versions
 
-Due to [ARTEMIS-3851](https://issues.apache.org/jira/browse/ARTEMIS-3851) the queue
-created for an MQTT 3.x subscriber using `CleanSession=1` is now **non-durable**
-rather than durable. This may impact `security-settings` for MQTT clients which
-previously only had `createDurableQueue` for their role. They will now need
-`createNonDurableQueue` as well. Again, this only has potential impact for MQTT 3.x
-clients using `CleanSession=1`.
+ 1. Due to [ARTEMIS-3851](https://issues.apache.org/jira/browse/ARTEMIS-3851) 
+    the queue created for an MQTT 3.x subscriber using `CleanSession=1` is now
+    **non-durable** rather than durable. This may impact `security-settings`
+    for MQTT clients which previously only had `createDurableQueue` for their
+    role. They will now need `createNonDurableQueue` as well. Again, this only
+    has potential impact for MQTT 3.x clients using `CleanSession=1`.
+ 2. Due to [ARTEMIS-3892](https://issues.apache.org/jira/browse/ARTEMIS-3892)
+    the username assigned to queues will be based on the **validated** user
+    rather than just the username submitted by the client application. This
+    will impact use-cases like the following:
+    1. When `login.config` is configured with the [`GuestLoginModule`](security.md#guestloginmodule)
+       which causes some users to be assigned a specific username and role
+       during the authentication process. 
+    2. When `login.config` is configured with the [`CertificateLoginModule`](security.md#certificateloginmodule)
+       which causes users to be assigned a username and role corresponding to
+       the subject DN from their SSL certificate.
+    
+    In these kinds of situations the broker will use this assigned (i.e. 
+    validated) username for any queues created with the connection. In the past
+    the queue's username would have been left blank.
 
 ## 2.23.1
 [Full release notes](https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12351846&projectId=12315920)
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlTest.java
index f274e2aa77..592aa5fb2a 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlTest.java
@@ -2929,7 +2929,7 @@ public class ActiveMQServerControlTest extends ManagementTestBase {
       Assert.assertNotEquals("consumerCount", "", array.getJsonObject(0).getString("consumerCount"));
       Assert.assertEquals("maxConsumers", "-1", array.getJsonObject(0).getString("maxConsumers"));
       Assert.assertEquals("autoCreated", "false", array.getJsonObject(0).getString("autoCreated"));
-      Assert.assertEquals("user", "", array.getJsonObject(0).getString("user"));
+      Assert.assertEquals("user", "guest", array.getJsonObject(0).getString("user"));
       Assert.assertNotEquals("routingType", "", array.getJsonObject(0).getString("routingType"));
       Assert.assertEquals("messagesAdded", "0", array.getJsonObject(0).getString("messagesAdded"));
       Assert.assertEquals("messageCount", "0", array.getJsonObject(0).getString("messageCount"));