You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "Nicolae (Jira)" <ji...@apache.org> on 2019/09/20 08:45:00 UTC
[jira] [Updated] (AMQ-7307) Using MessageAuthorizationPolicy gets
into infinite retry loop
[ https://issues.apache.org/jira/browse/AMQ-7307?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nicolae updated AMQ-7307:
-------------------------
Description:
We are trying to do authorization on message by message basis by validating an OIDC JWT token attached as property to each message. The way that I found so far (but please let us know for alternatives) is to implement MessageAuthorizationPolicy and return true if message to be accepted from security standpoint.
The problem we face is that those rejected messages are retried. But the token is the same, and the answer will continue to be negative. Is there a way to disable retries, but only for those rejected by MessageAuthorizationPolicy ?
Thank you.
PS. I am not sure if it is a bug, we are just trying to solve our problem.
We use shared storage with EFS, kahadb.
The message delivery appears to happen on a Queue.
What I know is that we use topics and virtual topics related to each individual consumer (microservice) and those virtual topics do function as queues. This is my limited understanding so far at least, I had experience with Apache Kafka before but not with JMS providers. Thanks
was:
We are trying to do authorization on message by message basis by validating an OIDC JWT token attached as property to each message. The way that I found so far (but please let us know for alternatives) is to implement MessageAuthorizationPolicy and return true if message to be accepted from security standpoint.
The problem we face is that those rejected messages are retried. But the token is the same, and the answer will continue to be negative. Is there a way to disable retries, but only for those rejected by MessageAuthorizationPolicy ?
Thank you.
PS. I am not sure if it is a bug, we are just trying to solve our problem.
We use shared storage with EFS, kahadb.
The message delivery appears to happen on a Queue.
What I know is that we use topics and virtual topics related to each individual consumer (microservice) and those virtual topics do function as queues. This is my limited understanding so far at least, I had experience with Kafka before. Thanks
> Using MessageAuthorizationPolicy gets into infinite retry loop
> ---------------------------------------------------------------
>
> Key: AMQ-7307
> URL: https://issues.apache.org/jira/browse/AMQ-7307
> Project: ActiveMQ
> Issue Type: Bug
> Components: activemq-pool
> Affects Versions: 5.15.10
> Environment: Locally with docker compose, but it should not be related to env.
> Reporter: Nicolae
> Priority: Major
>
> We are trying to do authorization on message by message basis by validating an OIDC JWT token attached as property to each message. The way that I found so far (but please let us know for alternatives) is to implement MessageAuthorizationPolicy and return true if message to be accepted from security standpoint.
> The problem we face is that those rejected messages are retried. But the token is the same, and the answer will continue to be negative. Is there a way to disable retries, but only for those rejected by MessageAuthorizationPolicy ?
> Thank you.
> PS. I am not sure if it is a bug, we are just trying to solve our problem.
> We use shared storage with EFS, kahadb.
> The message delivery appears to happen on a Queue.
> What I know is that we use topics and virtual topics related to each individual consumer (microservice) and those virtual topics do function as queues. This is my limited understanding so far at least, I had experience with Apache Kafka before but not with JMS providers. Thanks
--
This message was sent by Atlassian Jira
(v8.3.4#803005)