Posted to issues@activemq.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2017/12/07 23:09:00 UTC

[jira] [Commented] (ARTEMIS-1545) JMS MessageProducer fails to throw security exception on send when message is sent non-persistent, but not authorised

    [ https://issues.apache.org/jira/browse/ARTEMIS-1545?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16282682#comment-16282682 ] 

ASF GitHub Bot commented on ARTEMIS-1545:
-----------------------------------------

GitHub user michaelandrepearce opened a pull request:

    https://github.com/apache/activemq-artemis/pull/1695

    ARTEMIS-1545 Ensure JMS security exceptions occur if NON-PERSISTENT

    Add test case to ensure exception behaviour on JMS MessageProducer send is the same, if message is sent persistently or non-persistently when using default settings.
    Update default setting to ensure behaviour is the same, as per expectation when using JMS by default. (e.g. no setting overrides)

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/michaelandrepearce/activemq-artemis ARTEMIS-1545

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/activemq-artemis/pull/1695.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1695
    
----
commit 4bf4c9ba02fd85f01fcb958ae5bf4e27cb4aefc1
Author: Michael André Pearce <mi...@me.com>
Date:   2017-12-07T23:07:40Z

    ARTEMIS-1545 Ensure JMS security exceptions occur if NON-PERSISTENT
    
    Add test case to ensure exception behaviour on JMS MessageProducer send is the same, if message is sent persistently or non-persistently when using default settings.
    Update default setting to ensure behaviour is the same, as per expectation when using JMS by default. (e.g. no setting overrides)

----


> JMS MessageProducer fails to throw security exception on send when message is sent non-persistent, but not authorised
> ---------------------------------------------------------------------------------------------------------------------
>
>                 Key: ARTEMIS-1545
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-1545
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>            Reporter: Michael Andre Pearce
>
> When sending persistent, behaviour is as expected and a Security exception is thrown. The same behaviour should be expected when sending non-persistent, by default.
> This can be recreated easily by the following:
> Add the following security section, that means guest is not auth'd to send to "guest.cannot.send"
> activemq-artemis/tests/jms-tests/src/test/resources/broker.xml
>  <security-setting match="guest.cannot.send">
>     <permission type="createDurableQueue" roles="guest,def"/>
>     <permission type="deleteDurableQueue" roles="guest,def"/>
>     <permission type="createNonDurableQueue" roles="guest,def"/>
>     <permission type="deleteNonDurableQueue" roles="guest,def"/>
>     <permission type="consume" roles="guest,def"/>
>     <permission type="browse" roles="guest,def"/>
>     <permission type="send" roles="def"/>
>  </security-setting>
> Then add the following tests to this test (first is proving exception correctly is thrown when persistent is sent using jms api, and second shows behaviour difference and no error):
> activemq-artemis/tests/jms-tests/src/test/java/org/apache/activemq/artemis/jms/tests/SecurityTest.java
>    /**
>     * Login with valid user and password
>     * But try send to address not authorised - Persistent
>     * Should not allow and should throw exception
>     */
>    @Test
>    public void testLoginValidUserAndPasswordButNotAuthorisedToSend() throws Exception {
>       ConnectionFactory connectionFactory = new ActiveMQConnectionFactory("tcp://localhost:61616");
>       Connection connection = connectionFactory.createConnection("guest", "guest");
>       Session session = connection.createSession();
>       Destination destination = session.createQueue("guest.cannot.send");
>       MessageProducer messageProducer = session.createProducer(destination);
>       try {
>          messageProducer.send(session.createTextMessage("hello"));
>          fail("JMSSecurityException expected as guest is not allowed to send");
>       } catch (JMSSecurityException activeMQSecurityException){
>          //pass
>       }
>       connection.close();
>    }
>    /**
>     * Login with valid user and password
>     * But try send to address not authorised - Non Persistent.
>     * Should have same behaviour as Persistent with exception on send.
>     */
>    @Test
>    public void testLoginValidUserAndPasswordButNotAuthorisedToSendNonPersistent() throws Exception {
>       ConnectionFactory connectionFactory = new ActiveMQConnectionFactory("tcp://localhost:61616");
>       Connection connection = connectionFactory.createConnection("guest", "guest");
>       Session session = connection.createSession();
>       Destination destination = session.createQueue("guest.cannot.send");
>       MessageProducer messageProducer = session.createProducer(destination);
>       messageProducer.setDeliveryMode(DeliveryMode.NON_PERSISTENT);
>       try {
>          messageProducer.send(session.createTextMessage("hello"));
>          fail("JMSSecurityException expected as guest is not allowed to send");
>       } catch (JMSSecurityException activeMQSecurityException){
>          //pass
>       }
>       connection.close();
>    }



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
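
Added example, not code from the pull request or the Artemis project: a client-side check of the behaviour the issue describes, comparing a NON_PERSISTENT send with the connection factory's blockOnNonDurableSend option off and on. It assumes a broker at tcp://localhost:61616 carrying the guest.cannot.send security-setting quoted above; the class and method names are hypothetical, and that this option is the "default setting" the pull request refers to is an assumption.

```java
import javax.jms.Connection;
import javax.jms.DeliveryMode;
import javax.jms.JMSSecurityException;
import javax.jms.MessageProducer;
import javax.jms.Queue;
import javax.jms.Session;

import org.apache.activemq.artemis.jms.client.ActiveMQConnectionFactory;

// Hypothetical helper class (not part of Artemis or of PR 1695).
public class NonPersistentSendAuthCheck {

   /** Returns true if the broker's rejection reached the caller as a JMSSecurityException. */
   static boolean sendIsRejected(boolean blockOnNonDurableSend) throws Exception {
      ActiveMQConnectionFactory cf = new ActiveMQConnectionFactory("tcp://localhost:61616");
      // Assumption: this is the client setting the issue's behaviour depends on.
      // It must be set before the first connection is created.
      cf.setBlockOnNonDurableSend(blockOnNonDurableSend);
      try (Connection connection = cf.createConnection("guest", "guest")) {
         Session session = connection.createSession();
         Queue queue = session.createQueue("guest.cannot.send");
         MessageProducer producer = session.createProducer(queue);
         producer.setDeliveryMode(DeliveryMode.NON_PERSISTENT);
         try {
            producer.send(session.createTextMessage("hello"));
            return false; // send() returned normally: the caller saw no authorisation error
         } catch (JMSSecurityException rejected) {
            return true;  // authorisation failure surfaced on send()
         }
      } finally {
         cf.close();
      }
   }

   public static void main(String[] args) throws Exception {
      // Non-blocking send: the client does not wait for the broker's reply,
      // which is the case the issue reports as completing without an exception.
      System.out.println("blockOnNonDurableSend=false rejected: " + sendIsRejected(false));
      // Blocking send: the client waits for the broker's reply, so a
      // security failure can be thrown from send() as in the persistent case.
      System.out.println("blockOnNonDurableSend=true  rejected: " + sendIsRejected(true));
   }
}
```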