activemq-dev mailing list archives

From "Claus Ibsen (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (AMQ-3598) Unprivileged users can receive messages from a protected topic when using wildcards in destination
Date Sun, 03 Nov 2013 07:07:17 GMT

     [ https://issues.apache.org/jira/browse/AMQ-3598?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Claus Ibsen updated AMQ-3598:
-----------------------------

    Fix Version/s: 5.10.0

> Unprivileged users can receive messages from a protected topic when using wildcards in destination
> --------------------------------------------------------------------------------------------------
>
>                 Key: AMQ-3598
>                 URL: https://issues.apache.org/jira/browse/AMQ-3598
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 5.5.0, 5.5.1
>         Environment: OS: Mac OS X 10.6.8
> JRE/JDK: 1.6.0_29
> ActiveMQ: 5.5.0
>            Reporter: Thorsten Panitz
>            Assignee: Claus Ibsen
>              Labels: authorization, security
>             Fix For: 5.10.0
>
>         Attachments: AMQ-3598.patch, ActiveMQAuthorizationBug.zip
>
>
> A consumer can receive messages from protected queues/topics if he uses a Destination which contains a wildcard as described [here|http://activemq.apache.org/wildcards.html]:
> {code:language=java}
> Destination queue = new ActiveMQQueue("messages.>");
> Destination topic = new ActiveMQTopic(">");
> {code}
> We are using the default authentication/authorization system as described in [Security Authentication/Authorization|http://activemq.apache.org/security.html#Security-Authorization] with the following configuration:
> {code:title=broker.xml|language=xml}
> <plugins>
>     <simpleAuthenticationPlugin>
>         <users>
>             <authenticationUser
>                   username="admin"
>                   password="admin"
>                   groups="admins"/>
>             <authenticationUser
>                   username="user"
>                   password="user"
>                   groups="users"/>
>         </users>
>     </simpleAuthenticationPlugin>
>     <authorizationPlugin>
>         <map>
>             <authorizationMap>
>                 <authorizationEntries>
>                     <authorizationEntry topic="messages.>"
>                                         read="admins"
>                                         write="admins"
>                                         admin="admins"/>
>                     <authorizationEntry topic="messages.cat2"
>                                         read="admins"
>                                         write="admins"
>                                         admin="admins"/>
>                     <authorizationEntry topic="messages.cat1"
>                                         read="admins, users"
>                                         write="admins, users"
>                                         admin="admins, users"/>
>                     <authorizationEntry topic="ActiveMQ.Advisory.>"
>                                         read="admins, users"
>                                         write="admins, users"
>                                         admin="admins, users"/>
>                 </authorizationEntries>
>             </authorizationMap>
>         </map>
>     </authorizationPlugin>
> </plugins>
> {code}
> As expected, clients connecting as "user" to the topic "messages.cat2" get an exception ("User user is not authorized to read from: topic://messages.cat2"). Surprisingly "user" can receive messages from topic "messages.cat2" if he creates a consumer with the destination "messages.>":
> {code:title=consumer.java|language=java}
> // Imports needed by the snippet: the JMS API plus the ActiveMQ client classes
> import javax.jms.*;
> import org.apache.activemq.ActiveMQConnectionFactory;
> import org.apache.activemq.command.ActiveMQTopic;
> // BROKER_URL, TIMEOUT and closure are defined elsewhere in the reporter's test
> final Destination destination = new ActiveMQTopic("messages.>");
> final Connection conn = new ActiveMQConnectionFactory("user", "user", BROKER_URL).createConnection();
> final Session session = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
> final MessageConsumer consumer = session.createConsumer(destination);
> conn.start();
> closure.run();
> final Message message = consumer.receive(TIMEOUT);
> session.close();
> conn.close(); 
> {code}
> IMHO this behaviour is a security problem as an unprivileged user can receive messages from a protected topic or queue!



--
This message was sent by Atlassian JIRA
(v6.1#6144)
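A small model of the authorization decision the report is about, added here as an example and not ActiveMQ's own code: it loads the read ACLs from the reporter's broker.xml and contrasts a pooled check (an assumption about why "user" got a consumer on "messages.>") with the check a broker needs, where a wildcard subscriber must hold read on every entry its pattern can reach. Wildcard semantics ('*' one segment, '>' the rest) follow the ActiveMQ wildcards page linked in the report; that a concrete destination merges all of its matching entries is assumed.

```python
# Constructed model, not ActiveMQ code. Read ACLs copied from the report's broker.xml.
READ_ACL = {
    "messages.>": {"admins"},
    "messages.cat2": {"admins"},
    "messages.cat1": {"admins", "users"},
    "ActiveMQ.Advisory.>": {"admins", "users"},
}
WILDCARDS = {"*", ">"}  # '*' matches one dot-separated segment, '>' the remainder

def is_wildcard(dest: str) -> bool:
    return any(seg in WILDCARDS for seg in dest.split("."))

def overlaps(a: str, b: str) -> bool:
    """True if patterns a and b can both match the same concrete destination name."""
    pa, pb = a.split("."), b.split(".")
    for x, y in zip(pa, pb):
        if x == ">" or y == ">":
            return True  # '>' swallows whatever the other pattern has left
        if x != "*" and y != "*" and x != y:
            return False  # two literal segments disagree
    return len(pa) == len(pb)  # no remainder may be left on either side

def reachable(subscription: str) -> list:
    """ACLs of every entry whose pattern can match a name the subscription matches."""
    return [acl for pattern, acl in READ_ACL.items() if overlaps(subscription, pattern)]

def read_allowed_pooled(subscription: str, groups: set) -> bool:
    """Assumed pre-fix behaviour: one shared group among the reachable entries is enough.
    With the report's config this grants 'users' a consumer on 'messages.>'."""
    entries = reachable(subscription)
    return bool(entries) and bool(set().union(*entries) & groups)

def read_allowed(subscription: str, groups: set) -> bool:
    """Required behaviour. A concrete name merges its matching entries (assumed
    authorizationMap semantics); a wildcard needs read on EVERY entry it can reach,
    so subscribing to a pattern never widens access beyond its narrowest topic."""
    entries = reachable(subscription)
    if not entries:
        return False  # no entry at all: deny, do not fail open
    if is_wildcard(subscription):
        return all(acl & groups for acl in entries)
    return bool(set().union(*entries) & groups)

def exposed_patterns(groups: set) -> list:
    """Audit helper: subscription patterns the pooled check grants but the strict one denies."""
    return [p for p in READ_ACL if read_allowed_pooled(p, groups) and not read_allowed(p, groups)]
```

Running `exposed_patterns({"users"})` against the reporter's configuration flags only "messages.>", the exact subscription the report describes.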
