activemq-users mailing list archives

From Torsten Mielke <tors...@fusesource.com>
Subject Re: Security bug in authorization system?
Date Mon, 14 Nov 2011 17:18:42 GMT
Hello,


I have debugged your unit test today and the reason for not getting an authorization exception
in test accessToProtectedTopicWithWildcardsDestinationAsUserShouldFail() is that the AuthorizationBroker
appends the security roles of all of the sub nodes in its authorization configuration.

You have entries for "messages.>" as well as "messages.cat1" and "messages.cat2" in your
authorization config.
Because of the wildcard in "messages.>" it appends the group names of all sub nodes. From
the entry "messages.cat1" it also adds the "users" group.

This is a bug IMHO, although I believe there must be some reason for adding the authorization
groups of sub nodes in the broker's authorization plugin at runtime.
Do you mind raising a JIRA ticket and attaching your JUnit test?



Thanks,

Torsten Mielke
torsten@fusesource.com
tmielke@blogspot.com




On Nov 12, 2011, at 7:29 PM, Thorsten Panitz wrote:

> Hi,
> 
> I have been working with ActiveMQ for 6 months, so this could be a misconfiguration on my side. Here is the problem.
> 
> We are using the default authentication/authorization system as described in http://activemq.apache.org/security.html#Security-Authorization with the following configuration:
> 
> <plugins>
>    <simpleAuthenticationPlugin>
>        <users>
>            <authenticationUser
>                  username="admin"
>                  password="admin"
>                  groups="admins"/>
>            <authenticationUser
>                  username="user"
>                  password="user"
>                  groups="users"/>
>        </users>
>    </simpleAuthenticationPlugin>
>    <authorizationPlugin>
>        <map>
>            <authorizationMap>
>                <authorizationEntries>
>                    <authorizationEntry topic="messages.>"
>                                        read="admins"
>                                        write="admins"
>                                        admin="admins"/>
>                    <authorizationEntry topic="messages.cat2"
>                                        read="admins"
>                                        write="admins"
>                                        admin="admins"/>
>                    <authorizationEntry topic="messages.cat1"
>                                        read="admins, users"
>                                        write="admins, users"
>                                        admin="admins, users"/>
>                    <authorizationEntry topic="ActiveMQ.Advisory.>"
>                                        read="admins, users"
>                                        write="admins, users"
>                                        admin="admins, users"/>
>                </authorizationEntries>
>            </authorizationMap>
>        </map>
>    </authorizationPlugin>
> </plugins>
> 
> As expected, clients connecting as "user" to the topic "messages.cat2" get an exception ("User user is not authorized to read from: topic://messages.cat2"). Surprisingly, "user" can receive messages from topic "messages.cat2" if he creates a consumer with the destination "messages.>":
> 
> <code>
> // BROKER_URL, TIMEOUT and closure are defined in the attached JUnit test project.
> final Destination destination = new ActiveMQTopic("messages.>");
> final Connection conn = new ActiveMQConnectionFactory("user", "user",
>    BROKER_URL).createConnection();
> final Session session = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
> final MessageConsumer consumer = session.createConsumer(destination);
> conn.start();
> closure.run();  // publishes to messages.cat2 as "admin"
> final Message message = consumer.receive(TIMEOUT);
> session.close();
> conn.close();
> </code>
> 
> IMHO this behaviour is a security problem as an unprivileged user can receive messages from a protected topic or queue!
> 
> I've attached a maven project with JUnit tests showing the problem.
> 
> 
> Environment:
> 
> OS: Mac OS X 10.6.8
> JRE/JDK: 1.6.0_29
> ActiveMQ: 5.5.0
> 
> 
> Thanks for your help!
> 
> 
> Regards,
> 
>   Thorsten
> 
> <ActiveMQAuthorizationTestProject.zip>
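The lookup behaviour Torsten describes can be modelled outside the broker. The following is an added Python example, not ActiveMQ's code and not part of either mail: it parses a constructed copy of the `<authorizationEntries>` posted above, implements `.`/`*`/`>` destination matching, and evaluates the same "user reads messages.>" request under two policies. `lenient_allowed` reproduces the reported behaviour (a wildcard lookup unions the groups of every entry it touches, so "users" leaks in from "messages.cat1"); `strict_allowed` is an assumed alternative semantics for illustration only, requiring the principal to hold the right on every entry the wildcard reaches, which yields the expected denial.

```python
import xml.etree.ElementTree as ET

# Constructed copy of the <authorizationEntries> posted in the thread (topic entries only).
CONFIG_XML = """
<authorizationEntries>
    <authorizationEntry topic="messages.>"          read="admins"        write="admins"        admin="admins"/>
    <authorizationEntry topic="messages.cat2"       read="admins"        write="admins"        admin="admins"/>
    <authorizationEntry topic="messages.cat1"       read="admins, users" write="admins, users" admin="admins, users"/>
    <authorizationEntry topic="ActiveMQ.Advisory.>" read="admins, users" write="admins, users" admin="admins, users"/>
</authorizationEntries>
"""

OPS = ("read", "write", "admin")


def parse_entries(xml_text):
    """Return [(pattern_components, {op: set_of_groups})] for each topic entry."""
    entries = []
    for elem in ET.fromstring(xml_text).iter("authorizationEntry"):
        topic = elem.get("topic")
        if topic is None:
            continue
        acls = {op: {g.strip() for g in elem.get(op, "").split(",") if g.strip()}
                for op in OPS}
        entries.append((topic.split("."), acls))
    return entries


def matches(pattern, name):
    """ActiveMQ-style wildcard match on '.'-separated components:
    '*' matches exactly one component, '>' matches one or more trailing components."""
    for i, part in enumerate(pattern):
        if part == ">":
            return i < len(name)
        if i >= len(name) or (part != "*" and part != name[i]):
            return False
    return len(pattern) == len(name)


def lenient_allowed(entries, principal_groups, destination, op):
    """Model of the behaviour reported in the thread: a lookup for a (possibly
    wildcard) destination appends the groups of every entry it overlaps, sub-nodes
    included, so one permissive sub-node extends its groups to the whole wildcard."""
    dest = destination.split(".")
    allowed = set()
    for pattern, acls in entries:
        if matches(pattern, dest) or matches(dest, pattern):
            allowed |= acls[op]
    return bool(allowed & principal_groups)


def strict_allowed(entries, principal_groups, destination, op):
    """Assumed alternative semantics (illustration, not ActiveMQ's code): the principal
    must hold the right on every configured entry the requested destination reaches,
    each one evaluated as if it had been requested on its own. Nothing reached: deny."""
    dest = destination.split(".")
    reached = [pattern for pattern, _ in entries if matches(dest, pattern)]
    if not reached:
        return False
    for target in reached:
        groups = set()
        for pattern, acls in entries:
            if matches(pattern, target):
                groups |= acls[op]
        if not (groups & principal_groups):
            return False
    return True


def evaluate(xml_text, principal_groups, destination, op="read"):
    """Decide one request under both policies; returns {"lenient": bool, "strict": bool}."""
    entries = parse_entries(xml_text)
    return {
        "lenient": lenient_allowed(entries, principal_groups, destination, op),
        "strict": strict_allowed(entries, principal_groups, destination, op),
    }


if __name__ == "__main__":
    for dest in ("messages.cat2", "messages.cat1", "messages.>"):
        print(f"user reads {dest:14} -> {evaluate(CONFIG_XML, {'users'}, dest)}")
```

Running it shows the divergence the thread is about: "user" is denied on `messages.cat2` under both policies, but the wildcard request `messages.>` is allowed under the lenient model and denied under the strict one. Until the broker behaves like the strict case, the practical mitigation on the configuration side is to avoid giving a less privileged group rights on any sub-node of a wildcard entry whose siblings must stay protected.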
