activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Torsten Mielke (JIRA)" <j...@apache.org>
Subject [jira] [Created] (AMQ-5141) Message expiry that is done as part of a removeSubscription command should not use the clients credentials.
Date Fri, 11 Apr 2014 11:33:14 GMT
Torsten Mielke created AMQ-5141:
-----------------------------------

             Summary: Message expiry that is done as part of a removeSubscription command
should not use the clients credentials.
                 Key: AMQ-5141
                 URL: https://issues.apache.org/jira/browse/AMQ-5141
             Project: ActiveMQ
          Issue Type: Bug
          Components: Broker
    Affects Versions: 5.9.0
            Reporter: Torsten Mielke


If the broker handles a RemoveInfo command it may also kick off a message expiry check for
(I presume) any prefetched messages. If messages are to be expired they get sent to ActiveMQ.DLQ
by default. See stack trace in next comment.

If the broker is security enabled with authorization turned on and messages get sent to DLQ
as a result of the expiry check then the broker uses the client's security context when sending
the messages to DLQ. 
This implies the client user needs to have write access to ActiveMQ.DLQ. 

As this may happen with any other client, all client users will require write access to ActiveMQ.DLQ,
which may not be appropriate from a security point of view. 

The broker regularly runs an expiry check and uses a broker internal security context for
this task. In my opinion this same broker internal security context should be used when expiring
messages as part of the RemoveInfo command. The broker should not use the client's security
context. 

[1]
The current behavior can raise the following SecurityException if the client user does not
have write access to ActiveMQ.DLQ

{code}
2014-04-11 08:11:22,229 | WARN  | 2.38:61201@61616 | RegionBroker | ivemq.broker.region.RegionBroker
 703 | 
105 - org.apache.activemq.activemq-osgi - 5.8.0.redhat-60024 | Caught an exception sending
to DLQ: Message 
ID:S930A3085-50865-635327964441522304-1:1:363:2:1 dropped=false acked=false locked=true
java.lang.SecurityException: User Test is not authorized to write to: queue://ActiveMQ.DLQ
	at org.apache.activemq.security.AuthorizationBroker.send(AuthorizationBroker.java:197)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.MutableBrokerFilter.send(MutableBrokerFilter.java:135)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.util.BrokerSupport.doResend(BrokerSupport.java:68)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.util.BrokerSupport.resendNoCopy(BrokerSupport.java:38)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.region.RegionBroker.sendToDeadLetterQueue(RegionBroker.java:691)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.BrokerFilter.sendToDeadLetterQueue(BrokerFilter.java:262)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.BrokerFilter.sendToDeadLetterQueue(BrokerFilter.java:262)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.advisory.AdvisoryBroker.sendToDeadLetterQueue(AdvisoryBroker.java:413)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.BrokerFilter.sendToDeadLetterQueue(BrokerFilter.java:262)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.BrokerFilter.sendToDeadLetterQueue(BrokerFilter.java:262)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.MutableBrokerFilter.sendToDeadLetterQueue(MutableBrokerFilter.java:274)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.util.RedeliveryPlugin.sendToDeadLetterQueue(RedeliveryPlugin.java:132)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.BrokerFilter.sendToDeadLetterQueue(BrokerFilter.java:262)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.BrokerFilter.sendToDeadLetterQueue(BrokerFilter.java:262)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.MutableBrokerFilter.sendToDeadLetterQueue(MutableBrokerFilter.java:274)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.region.RegionBroker.messageExpired(RegionBroker.java:659)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.BrokerFilter.messageExpired(BrokerFilter.java:257)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.BrokerFilter.messageExpired(BrokerFilter.java:257)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.advisory.AdvisoryBroker.messageExpired(AdvisoryBroker.java:283)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.BrokerFilter.messageExpired(BrokerFilter.java:257)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.BrokerFilter.messageExpired(BrokerFilter.java:257)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.MutableBrokerFilter.messageExpired(MutableBrokerFilter.java:269)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.BrokerFilter.messageExpired(BrokerFilter.java:257)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.BrokerFilter.messageExpired(BrokerFilter.java:257)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.MutableBrokerFilter.messageExpired(MutableBrokerFilter.java:269)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.region.Queue.messageExpired(Queue.java:1671)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.region.PrefetchSubscription.dispatchPending(PrefetchSubscription.java:648)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.region.PrefetchSubscription.add(PrefetchSubscription.java:162)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.region.Queue.doActualDispatch(Queue.java:1907)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.region.Queue.doDispatch(Queue.java:1834)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.region.Queue.removeSubscription(Queue.java:576)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.region.AbstractRegion.removeConsumer(AbstractRegion.java:380)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.region.RegionBroker.removeConsumer(RegionBroker.java:364)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.jmx.ManagedRegionBroker.removeConsumer(ManagedRegionBroker.java:247)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.BrokerFilter.removeConsumer(BrokerFilter.java:117)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.BrokerFilter.removeConsumer(BrokerFilter.java:117)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.advisory.AdvisoryBroker.removeConsumer(AdvisoryBroker.java:253)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.BrokerFilter.removeConsumer(BrokerFilter.java:117)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.BrokerFilter.removeConsumer(BrokerFilter.java:117)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.MutableBrokerFilter.removeConsumer(MutableBrokerFilter.java:123)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.BrokerFilter.removeConsumer(BrokerFilter.java:117)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.BrokerFilter.removeConsumer(BrokerFilter.java:117)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.MutableBrokerFilter.removeConsumer(MutableBrokerFilter.java:123)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.TransportConnection.processRemoveConsumer(TransportConnection.java:651)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.command.RemoveInfo.visit(RemoveInfo.java:76)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:329)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:184)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.transport.MutexTransport.onCommand(MutexTransport.java:50)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:113)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.transport.AbstractInactivityMonitor.onCommand(AbstractInactivityMonitor.java:288)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:214)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:196)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
	at java.lang.Thread.run(Unknown Source)[:1.6.0_26]
{code}
 




--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message