Posted to issues@activemq.apache.org by "Justin Bertram (Jira)" <ji...@apache.org> on 2022/01/24 17:00:00 UTC
[jira] [Commented] (ARTEMIS-3656) Client session limit is evaluated incorrectly for ssl connections
[ https://issues.apache.org/jira/browse/ARTEMIS-3656?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17481249#comment-17481249 ]
Justin Bertram commented on ARTEMIS-3656:
-----------------------------------------
Thanks for the bug report! Do you plan to send a PR or are you just reporting it?
> Client session limit is evaluated incorrectly for ssl connections
> -----------------------------------------------------------------
>
> Key: ARTEMIS-3656
> URL: https://issues.apache.org/jira/browse/ARTEMIS-3656
> Project: ActiveMQ Artemis
> Issue Type: Bug
> Affects Versions: 2.17.0
> Reporter: Alexander
> Priority: Major
>
> Client session limit is evaluated incorrectly for SSL connections.
> For authentication, the {{org.apache.activemq.artemis.spi.core.security.jaas.TextFileCertificateLoginModule}} module is used (clients do not specify a user and password to create connections).
> In this case, the user can enter any other user, and the connection count check will be performed for the specified user (so {{validatedUser}} must be used).
> The problem is in the {{org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl#getSessionCountForUser}} method. The check is not based on {{validatedUser}} but on {{user}} (which users do not enter). As a result we get a {{NullPointerException}} in the code below.
> {code:java}
> private int getSessionCountForUser(String username) {
>    int sessionCount = 0;
>    for (Entry<String, ServerSession> sessionEntry : sessions.entrySet()) {
>       if (sessionEntry.getValue().getUsername().equals(username)) { // change to sessionEntry.getValue().getValidatedUser()....
>          sessionCount++;
>       }
>    }
>    return sessionCount;
> }{code}
>
> Files in {{etc}} folder:
> 1) {{login.config}}:
> {noformat}
> CertLogin {
>    org.apache.activemq.artemis.spi.core.security.jaas.TextFileCertificateLoginModule requisite
>        debug=false
>        reload=true
>        org.apache.activemq.jaas.textfiledn.user="cert-users.properties"
>        org.apache.activemq.jaas.textfiledn.role="cert-roles.properties";
> };{noformat}
> 2) {{broker.xml}}:
> {code:xml}
> <resource-limit-settings>
>    <resource-limit-setting match="user1">
>       <max-connections>5</max-connections>
>    </resource-limit-setting>
> </resource-limit-settings>
> <acceptors>
>    <acceptor name="artemis">tcp://0.0.0.0:60001?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;amqpMinLargeMessageSize=102400;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpDuplicateDetection=true;sslEnabled=true;keyStorePath=/app/artemis/ssl/artemis_server_gw.jks;trustStorePath=/app/artemis/ssl/artemis_server_gw.jks;keyStorePassword=secret;trustStorePassword=secret;enabledCipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA256;enabledProtocols=TLSv1.2;needClientAuth=true</acceptor>
> </acceptors>{code}