activemq-dev mailing list archives

From "Dhiraj Bokde (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMQ-5160) Wildcard subscriptions bypass Authentication / Authorization
Date Tue, 13 May 2014 20:21:16 GMT

    [ https://issues.apache.org/jira/browse/AMQ-5160?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13996851#comment-13996851 ]

Dhiraj Bokde commented on AMQ-5160:
-----------------------------------

Hi Surf,

I had a discussion with Dejan about the other option of using Retroactive consumers, and I
believe I have come up with a solution in PR22 that works elegantly for both MQTT and JMS
clients. 

Can you test PR-22 with your test client and verify that it works? Since it includes major
changes to MQTT transport and minor changes to Broker core classes, it should be thoroughly
tested and validated before being applied. 

Regards,
Dhiraj. 

> Wildcard subscriptions bypass Authentication / Authorization
> ------------------------------------------------------------
>
>                 Key: AMQ-5160
>                 URL: https://issues.apache.org/jira/browse/AMQ-5160
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: MQTT
>    Affects Versions: 5.9.1
>            Reporter: Surf
>            Priority: Critical
>              Labels: authentication, authorization, mqtt, security
>             Fix For: 5.10.0
>
>         Attachments: activemq.xml, groups.properties, login.config, patch.txt, users.properties
>
>
> I am using MQTT on AMQ 5.9.1.
> After the latest MQTT hardening from [~dhirajsb], there is an issue with MQTT retained messages.
> Simple case:
> Set Authentication / Authorization for two different TOPICS.
> Send a retained message to one topic.
> Try to subscribe to "#" with the other, second user.
> It will show retained messages published by TOPIC 1.
> Here I have attached test configurations.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
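
The check the report implies, as an added example that is not part of the original message and is neither ActiveMQ code nor the PR-22 change: a small Python model in which retained messages are replayed to a wildcard subscriber only after a read check on each concrete topic. The ACL table, user names, topic names and function names are constructed for illustration.

```python
# Constructed model of retained-message replay in an MQTT broker.
# Not ActiveMQ code; all names and data below are hypothetical.

READ_ACL = {                      # topic -> users allowed to read it
    "TOPIC1": {"user1"},
    "TOPIC2": {"user2"},
}
RETAINED = {"TOPIC1": b"retained payload for user1"}   # retained-message store


def filter_matches(topic_filter, topic):
    """MQTT topic-filter match: '+' is one level, '#' is all remaining levels."""
    f_levels, t_levels = topic_filter.split("/"), topic.split("/")
    for i, level in enumerate(f_levels):
        if level == "#":
            return True           # also matches the parent level itself
        if i >= len(t_levels):
            return False          # filter is longer than the topic
        if level != "+" and level != t_levels[i]:
            return False
    return len(f_levels) == len(t_levels)


def can_read(user, topic):
    """Default deny: a topic with no ACL entry is readable by nobody."""
    return user in READ_ACL.get(topic, set())


def replay_unchecked(user, topic_filter):
    """Models the reported symptom: replay decided by the filter match alone."""
    return {t: m for t, m in RETAINED.items() if filter_matches(topic_filter, t)}


def replay_checked(user, topic_filter):
    """Authorize each concrete retained topic, not the wildcard filter."""
    return {t: m for t, m in RETAINED.items()
            if filter_matches(topic_filter, t) and can_read(user, t)}


if __name__ == "__main__":
    print("unchecked:", replay_unchecked("user2", "#"))
    print("checked:  ", replay_checked("user2", "#"))
```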
