activemq-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ARTEMIS-1872) Correctly check for queue exists before creating shared queue
Date Thu, 24 May 2018 16:41:00 GMT

    [ https://issues.apache.org/jira/browse/ARTEMIS-1872?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16489347#comment-16489347
] 

ASF GitHub Bot commented on ARTEMIS-1872:
-----------------------------------------

GitHub user jbertram opened a pull request:

    https://github.com/apache/activemq-artemis/pull/2108

    ARTEMIS-1872 fix security tests

    After the new authn change for creating addresses a bunch of tests need
    to be updated to include the proper permissions.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/jbertram/activemq-artemis ARTEMIS-1872

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/activemq-artemis/pull/2108.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2108
    
----
commit 472b6de8ebcccade86f36e128780afb72e67ac79
Author: Justin Bertram <jbertram@...>
Date:   2018-05-24T16:34:34Z

    ARTEMIS-1872 fix security tests
    
    After the new authn change for creating addresses a bunch of tests need
    to be updated to include the proper permissions.

----


> Correctly check for queue exists before creating shared queue
> -------------------------------------------------------------
>
>                 Key: ARTEMIS-1872
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-1872
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>    Affects Versions: 2.5.0
>            Reporter: Michael Andre Pearce
>            Priority: Major
>
> Prior to 2.5.0, artemis incorrectly always checked the perms for Non Durable on createSharedQueue
, even if the queue being created was a Durable queue.
> securityCheck(address, name, CheckType.*_CREATE_NON_DURABLE_QUEUE_*, *this*);
>  
> In 2.5.0+ this has been corrected, so it checks the permissions appropriately for the
durability.
> securityCheck(address, name, durable ? CheckType.*_CREATE_DURABLE_QUEUE_* : CheckType.*_CREATE_NON_DURABLE_QUEUE_*,
*this*);
>  
> This though has exposed that in some area's of the Core client code, and also AMQP, and
OpenWire that the code isn't checking that queue exists before calling to create it, meaning
a client with consume permission but without create durable queue permissions, would fail
but should not as the queue exists.
> Also it was noted on creating the test case to prove this that AMQP JMS Client when security
exception occurs, was not correctly throwing JMSSecurityException, this is due to the broker
not returning the correct AMQP error code, in these circumstances.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message