[
https://issues.apache.org/jira/browse/AMQ-3166?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Arthur Naseef updated AMQ-3166:
-------------------------------
Description:
Client calls to createProducer() always return without an error even though a
BrokerFilter's addProducer() method throws an exception on the request. In
contrast, createConsumer() throws an exception, as expected, when
BrokerFilter's addConsumer() throws an exception.
Clients using transacted sessions always return successfully from send() when a
BrokerFilter's send() method throws an exception.
Below is a broker configuration file using <authorizationPlugin> to illustrate
the problem.
To reproduce the problem With this configuration, a test client only needs to
connect with user = "user" and password = "password", and then attempt to
produce messages with a transacted session to any queue other than ABC (e.g.
DEF).
Tracing the cause of the issue has lead to finding that the client code for
creating a producer uses an Async send for the producer information. The
analogous code for consumers uses a Sync send.
I will work on a patch. It would be very helpful to have feedback on the
operation of the bus and the best way to resolve this problem. Based on my
research, it seems that createProducer() should be using a Sync send in place
of the Async one. Not yet sure about send(). Another possibility is to move
the security operations to earlier in the internal broker flow.
=== SAMPLE BROKER XML ===
<beans
xmlns="http://www.springframework.org/schema/beans";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://activemq.apache.org/schema/core
http://activemq.apache.org/schema/core/activemq-core.xsd";>
<broker xmlns="http://activemq.apache.org/schema/core";
brokerName="localhost"
dataDirectory="${activemq.base}/data"
destroyApplicationContextOnStop="true" >
<persistenceAdapter>
<kahaDB directory="${activemq.base}/data/kahadb"/>
</persistenceAdapter>
<plugins>
<simpleAuthenticationPlugin anonymousAccessAllowed="true">
<users>
<authenticationUser username="user" password="password"
groups="users"/>
</users>
</simpleAuthenticationPlugin>
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry queue="ABC" read="users"
write="users" admin="users" />
<authorizationEntry topic="ActiveMQ.Advisory.>"
read="users" write="users" admin="users" />
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>
</plugins>
<transportConnectors>
<transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>
</transportConnectors>
</broker>
</beans>
was:
Client calls to createProducer() always return without an error even though a
BrokerFilter's addProducer() method throws an exception on the request. In
contrast, createConsumer() throws an exception, as expected, when
BrokerFilter's addConsumer() throws an exception.
Clients using transacted sessions always return successfully from send() when a
BrokerFilter's send() method throws an exception.
Below is a broker configuration file using <authorizationPlugin> to illustrate
the problem.
To reproduce the problem With this configuration, a test client only needs to
connect with user = "user" and password = "password", and then attempt to
produce messages with a transacted session to any queue other than ABC (e.g.
DEF).
Tracing the cause of the issue has lead to finding that the client code for
creating a producer uses an Async send for the producer information. The
analogous code for consumers uses a Sync send.
I will work on a patch. It would be very helpful to have feedback on the
operation of the bus and the best way to resolve this problem. Based on my
research, it seems that createProducer() should be using a Sync send in place
of the Async one. Not yet sure about send(). Another possibility is to move
the security operations to earlier in the internal broker flow.
=== SAMPLE BROKER XML ===
<pre>
<beans
xmlns="http://www.springframework.org/schema/beans";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://activemq.apache.org/schema/core
http://activemq.apache.org/schema/core/activemq-core.xsd";>
<broker xmlns="http://activemq.apache.org/schema/core";
brokerName="localhost"
dataDirectory="${activemq.base}/data"
destroyApplicationContextOnStop="true" >
<persistenceAdapter>
<kahaDB directory="${activemq.base}/data/kahadb"/>
</persistenceAdapter>
<plugins>
<simpleAuthenticationPlugin anonymousAccessAllowed="true">
<users>
<authenticationUser username="user" password="password"
groups="users"/>
</users>
</simpleAuthenticationPlugin>
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry queue="ABC" read="users"
write="users" admin="users" />
<authorizationEntry topic="ActiveMQ.Advisory.>"
read="users" write="users" admin="users" />
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>
</plugins>
<transportConnectors>
<transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>
</transportConnectors>
</broker>
</beans>
</pre>
> client calls to createProducer() and send() successful even though
> BrokerFilter methods throw exceptions
> --------------------------------------------------------------------------------------------------------
>
> Key: AMQ-3166
> URL: https://issues.apache.org/jira/browse/AMQ-3166
> Project: ActiveMQ
> Issue Type: Bug
> Components: Broker, JMS client
> Affects Versions: 5.4.2
> Reporter: Arthur Naseef
>
> Client calls to createProducer() always return without an error even though a
> BrokerFilter's addProducer() method throws an exception on the request. In
> contrast, createConsumer() throws an exception, as expected, when
> BrokerFilter's addConsumer() throws an exception.
> Clients using transacted sessions always return successfully from send() when
> a BrokerFilter's send() method throws an exception.
> Below is a broker configuration file using <authorizationPlugin> to
> illustrate the problem.
> To reproduce the problem With this configuration, a test client only needs to
> connect with user = "user" and password = "password", and then attempt to
> produce messages with a transacted session to any queue other than ABC (e.g.
> DEF).
> Tracing the cause of the issue has lead to finding that the client code for
> creating a producer uses an Async send for the producer information. The
> analogous code for consumers uses a Sync send.
> I will work on a patch. It would be very helpful to have feedback on the
> operation of the bus and the best way to resolve this problem. Based on my
> research, it seems that createProducer() should be using a Sync send in place
> of the Async one. Not yet sure about send(). Another possibility is to move
> the security operations to earlier in the internal broker flow.
> === SAMPLE BROKER XML ===
> <beans
> xmlns="http://www.springframework.org/schema/beans";
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> xsi:schemaLocation="http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
> http://activemq.apache.org/schema/core
> http://activemq.apache.org/schema/core/activemq-core.xsd";>
> <broker xmlns="http://activemq.apache.org/schema/core";
> brokerName="localhost"
> dataDirectory="${activemq.base}/data"
> destroyApplicationContextOnStop="true" >
> <persistenceAdapter>
> <kahaDB directory="${activemq.base}/data/kahadb"/>
> </persistenceAdapter>
>
> <plugins>
> <simpleAuthenticationPlugin anonymousAccessAllowed="true">
> <users>
> <authenticationUser username="user" password="password"
> groups="users"/>
> </users>
> </simpleAuthenticationPlugin>
> <authorizationPlugin>
> <map>
> <authorizationMap>
> <authorizationEntries>
> <authorizationEntry queue="ABC" read="users"
> write="users" admin="users" />
> <authorizationEntry topic="ActiveMQ.Advisory.>"
> read="users" write="users" admin="users" />
> </authorizationEntries>
> </authorizationMap>
> </map>
> </authorizationPlugin>
> </plugins>
> <transportConnectors>
> <transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>
> </transportConnectors>
> </broker>
> </beans>
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
