You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "clebert suconic (JIRA)" <ji...@apache.org> on 2017/12/08 16:26:00 UTC

[jira] [Commented] (ARTEMIS-1545) JMS MessageProducer fails to expose exception on send when message is sent non-persistent, but not authorised

    [ https://issues.apache.org/jira/browse/ARTEMIS-1545?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16283797#comment-16283797 ] 

clebert suconic commented on ARTEMIS-1545:
------------------------------------------

this IRC chat may be relevant:


[11:00am] clebert: michaelandrepear:  the ACKHandler is based on confirmations….
[11:00am] clebert: which is part of the protocol on core...
[11:01am] • clebert still looking
[11:01am] clebert: that’s called through : ActiveMQSessionContext:: CommandConfirmationHandler
[11:02am] clebert: michaelandrepear:  ^
[11:02am] • clebert still looking into something...
[11:09am] clebert: michaelandrepear:  looking at ServerSessionPacketHandler… onSessionSend...
[11:09am] clebert: senndResponse would be called with an exception...
[11:09am] clebert: (even if it’s asynchronous)
[11:09am] clebert: on that case with requiresResponse = false
[11:09am] clebert: on the client.....
[11:09am] • clebert looking again.. hold on
[11:11am] clebert: ActiveMQSessionContext::
[11:11am] clebert: line 899
[11:11am] clebert: is that log being throwed at the client?
[11:11am] clebert: we could feed the Exception Handler there...
[11:12am] clebert: so.. we need to make sure the ServerSessionPacketHandler would throw the exception to the client
[11:12am] clebert: and that the ActiveMQessionContext::handlePacket
[11:12am] clebert: would put this exception at the right place on the session...
[11:12am] clebert: this seems to be coming correctly at the ChannelPacketHandler.. which belongs to the session
[11:13am] clebert: michaelandrepear:  I think that answers what we would need to here… but this is the 5% of inspiration.. putting this to work will be some work!
[11:13am] clebert: michaelandrepear:  more on testing
[11:13am] clebert: michaelandrepear:  wdyt?
[11:13am] michaelandrepear: (sorry disconnected, but just catching up)
[11:13am] michaelandrepear: (dont worry i have the full chat)
[11:15am] michaelandrepear: ok, so i think i understand, ill have to step through the code on debug to undertsand fully
[11:15am] michaelandrepear: but thanks its a good starter for ten
[11:16am] clebert: michaelandrepear:  I would need to debug more as well
[11:16am] clebert: michaelandrepear:  but this is where I would start
[11:17am] michaelandrepear: @clebert we will need to somehow get that tied back also to the completionlistener
[11:19am] michaelandrepear: @clebert just thinking aloud
[11:19am] clebert: I agree
[11:19am] clebert: michaelandrepear:
[11:19am] clebert: michaelandrepear:  I agree
[11:19am] clebert: michaelandrepear:  just realized how
[11:19am] clebert: if sessionChannel.getConfrmationHandler != null
[11:20am] clebert: add a method to CommandConfirmationHandler
[11:20am] clebert: and deletgate that to the confirmationListener
[11:20am] clebert: michaelandrepear:  it would be nice to have these somewhere… JIRA perhaps?
[11:20am] clebert: michaelandrepear:  do you have a JIRA for this?
[11:21am] michaelandrepear: @clebert i have the original jira for the PR i made but that was specific about getting exception thrown
[11:21am] michaelandrepear: @clebert i think this is slightly different so will raise a new one a bit more specific
[11:21am] clebert: michaelandrepear:  I would perhaps rename that JIRA
[11:21am] clebert: recycle ID 
[11:21am] clebert: as the intention was this

> JMS MessageProducer fails to expose exception on send when message is sent non-persistent, but not authorised
> -------------------------------------------------------------------------------------------------------------
>
>                 Key: ARTEMIS-1545
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-1545
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>            Reporter: Michael Andre Pearce
>
> When sending persistent, behaviour is as expected and a Security exception is thrown. The same behaviour should be expected when sending non-persistent, by default.
> This can be recreated easily by the following:
> Add the following security section , that means guest is not auth'd to send to "guest.cannot.send"
> activemq-artemis/tests/jms-tests/src/test/resources/broker.xml
>  <security-setting match="guest.cannot.send">
>                <permission type="createDurableQueue" roles="guest,def"/>
>                <permission type="deleteDurableQueue" roles="guest,def"/>
>                <permission type="createNonDurableQueue" roles="guest,def"/>
>                <permission type="deleteNonDurableQueue" roles="guest,def"/>
>                <permission type="consume" roles="guest,def"/>
>                <permission type="browse" roles="guest,def"/>
>                <permission type="send" roles="def"/>
>            </security-setting>
> Then add the following tests to this test (first is proving exception correctly is thrown when persistent is sent using jms api, and second shows behaviour difference and no error):
> activemq-artemis/tests/jms-tests/src/test/java/org/apache/activemq/artemis/jms/tests/SecurityTest.java
>   /**
>     * Login with valid user and password
>     * But try send to address not authorised - Persistent
>     * Should not allow and should throw exception
>     */
>    @Test
>    public void testLoginValidUserAndPasswordButNotAuthorisedToSend() throws Exception {
>       ConnectionFactory connectionFactory = new ActiveMQConnectionFactory("tcp://localhost:61616");
>       Connection connection = connectionFactory.createConnection("guest", "guest");
>       Session session = connection.createSession();
>       Destination destination = session.createQueue("guest.cannot.send");
>       MessageProducer messageProducer = session.createProducer(destination);
>       try {
>          messageProducer.send(session.createTextMessage("hello"));
>          fail("JMSSecurityException expected as guest is not allowed to send");
>       } catch (JMSSecurityException activeMQSecurityException){
>          //pass
>       }
>       connection.close();
>    }
>    /**
>     * Login with valid user and password
>     * But try send to address not authorised - Non Persistent.
>     * Should have same behaviour as Persistent with exception on send.
>     */
>    @Test
>    public void testLoginValidUserAndPasswordButNotAuthorisedToSendNonPersistent() throws Exception {
>       ConnectionFactory connectionFactory = new ActiveMQConnectionFactory("tcp://localhost:61616");
>       Connection connection = connectionFactory.createConnection("guest", "guest");
>       Session session = connection.createSession();
>       Destination destination = session.createQueue("guest.cannot.send");
>       MessageProducer messageProducer = session.createProducer(destination);
>       messageProducer.setDeliveryMode(DeliveryMode.NON_PERSISTENT);
>       try {
>          messageProducer.send(session.createTextMessage("hello"));
>          fail("JMSSecurityException expected as guest is not allowed to send");
>       } catch (JMSSecurityException activeMQSecurityException){
>          //pass
>       }
>       connection.close();
>    }



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)