[jira] [Comment Edited] (ARTEMIS-2959) Validate against cluster user name uniqueness

["Justin Bertram (Jira)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/ARTEMIS-2959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17281157#comment-17281157 ] 

Justin Bertram edited comment on ARTEMIS-2959 at 2/8/21, 3:50 PM:
------------------------------------------------------------------

Given that security is pluggable (e.g. via customer SecurityManager implementations as well as custome JAAS login modules) I don't see how the broker can reliably detect whether or not the {{cluster-user}} exists in the security repository.


was (Author: jbertram):
Given that security is pluggable (e.g. via customer SecurityManager implementations as well as customer JAAS login modules) I don't see how the broker can reliably detect whether or not the {{cluster-user}} exists in the security repository.

> Validate against cluster user name uniqueness
> ---------------------------------------------
>
>                 Key: ARTEMIS-2959
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-2959
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 2.15.0
>            Reporter: Howard Gao
>            Priority: Minor
>
> The broker has a special cluster user and cluster password and when doing
> authentication it always check the cluster user first.
> If user configures a cluster user name that is the same as one of it's
> normal users, the broker always authenticate that normal user
> against the cluster password which is not right and probably failed
> authentication as the cluster password usually not the same as
> the normal user's password.
> To avoid such a case the broker should check the configuration
> during startup and if the cluster user name collides with a normal
> user name, it should report as an error.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)