[ https://issues.apache.org/jira/browse/ARTEMIS-1545?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16329337#comment-16329337 ]
ASF GitHub Bot commented on ARTEMIS-1545: ----------------------------------------- Github user clebertsuconic commented on the issue: https://github.com/apache/activemq-artemis/pull/1733 @michaelandrepearce I promise I will get here by next week :) > JMS MessageProducer fails to expose exception on send when message is sent > non-persistent, but not authorised > ------------------------------------------------------------------------------------------------------------- > > Key: ARTEMIS-1545 > URL: https://issues.apache.org/jira/browse/ARTEMIS-1545 > Project: ActiveMQ Artemis > Issue Type: Bug > Reporter: Michael Andre Pearce > Priority: Major > > When sending persistent, behaviour is blocking and a Security exception is > thrown. The same behaviour that the client is exposed to the client when > sending non-persistent, so that a client could log or take action > asynchronously. > This can be recreated easily by the following: > Add the following security section , that means guest is not auth'd to send > to "guest.cannot.send" > activemq-artemis/tests/jms-tests/src/test/resources/broker.xml > <security-setting match="guest.cannot.send"> > <permission type="createDurableQueue" roles="guest,def"/> > <permission type="deleteDurableQueue" roles="guest,def"/> > <permission type="createNonDurableQueue" roles="guest,def"/> > <permission type="deleteNonDurableQueue" roles="guest,def"/> > <permission type="consume" roles="guest,def"/> > <permission type="browse" roles="guest,def"/> > <permission type="send" roles="def"/> > </security-setting> > Then add the following tests to this test (first is proving exception > correctly is thrown when persistent is sent using jms api, and second shows > behaviour difference and no error): > activemq-artemis/tests/jms-tests/src/test/java/org/apache/activemq/artemis/jms/tests/SecurityTest.java > /** > * Login with valid user and password > * But try send to address not authorised - Persistent > * Should not allow and should throw exception > */ > @Test > public void testLoginValidUserAndPasswordButNotAuthorisedToSend() throws > Exception { > ConnectionFactory connectionFactory = new > ActiveMQConnectionFactory("tcp://localhost:61616"); > Connection connection = connectionFactory.createConnection("guest", > "guest"); > Session session = connection.createSession(); > Destination destination = session.createQueue("guest.cannot.send"); > MessageProducer messageProducer = session.createProducer(destination); > try { > messageProducer.send(session.createTextMessage("hello")); > fail("JMSSecurityException expected as guest is not allowed to > send"); > } catch (JMSSecurityException activeMQSecurityException){ > //pass > } > connection.close(); > } > /** > * Login with valid user and password > * But try send to address not authorised - Non Persistent. > * Should have same behaviour as Persistent with exception on send. > */ > @Test > public void > testLoginValidUserAndPasswordButNotAuthorisedToSendNonPersistent() throws > Exception { > ConnectionFactory connectionFactory = new > ActiveMQConnectionFactory("tcp://localhost:61616"); > Connection connection = connectionFactory.createConnection("guest", > "guest"); > Session session = connection.createSession(); > Destination destination = session.createQueue("guest.cannot.send"); > MessageProducer messageProducer = session.createProducer(destination); > messageProducer.setDeliveryMode(DeliveryMode.NON_PERSISTENT); > try { > messageProducer.send(session.createTextMessage("hello")); > fail("JMSSecurityException expected as guest is not allowed to > send"); > } catch (JMSSecurityException activeMQSecurityException){ > //pass > } > connection.close(); > } -- This message was sent by Atlassian JIRA (v7.6.3#76005)