[ https://issues.apache.org/jira/browse/AMQ-9472?focusedWorklogId=913810&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-913810 ]
ASF GitHub Bot logged work on AMQ-9472:
---------------------------------------

                Author: ASF GitHub Bot
            Created on: 10/Apr/24 04:34
            Start Date: 10/Apr/24 04:34
    Worklog Time Spent: 10m
      Work Description: thezbyg commented on PR #1198:
URL: https://github.com/apache/activemq/pull/1198#issuecomment-2046523027

> So this is just how the broker currently works to handle wildcard subscriptions, since you are publishing to a wildcard topic then any subscription that matches needs to also subscribe to the wildcard to get that message.

Thanks for the explanation. Everything makes sense, except that auto-creation of wildcard topic can also be triggered by a wildcard consumer and results in the same issue. This happens when subscribing to wildcard topic by using STOMP protocol.

In the broker code I can see that wildcard topic is not auto-created for wildcard or composite consumer destination:
https://github.com/apache/activemq/blob/e025e443e65d4bd3c2c27f11d6caa7bfbd2c9626/activemq-broker/src/main/java/org/apache/activemq/broker/region/AbstractRegion.java#L344

No such condition exists in processConsumerControl() method:
https://github.com/apache/activemq/blob/e025e443e65d4bd3c2c27f11d6caa7bfbd2c9626/activemq-broker/src/main/java/org/apache/activemq/broker/region/AbstractRegion.java#L694

When using STOMP protocol, processConsumerControl() is called immediately after subscribe and auto-creates the wildcard topic.

Issue Time Tracking
-------------------

    Worklog Id:     (was: 913810)
    Time Spent: 1h 20m  (was: 1h 10m)

> Wildcard publisher auto-creates wildcard topic and breaks authorization
> -----------------------------------------------------------------------
>
>                 Key: AMQ-9472
>                 URL: https://issues.apache.org/jira/browse/AMQ-9472
>             Project: ActiveMQ Classic
>          Issue Type: Bug
>          Components: Broker
>            Reporter: Albertas Vyšniauskas
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>          Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
> Hi,
> after publishing a message to wildcard topic, a wildcard topic is
> auto-created and interacts poorly with authorization rules.
> Suppose that authorization map contains the following entries:
> <authorizationEntry read="admin" write="admin" admin="admin" topic=">" />
> <authorizationEntry read="user" topic="A.B" />
> Admin creates "A.B" topic and publishes a message to "A.>" causing
> auto-creation of "A.>" topic.
> User attempts to consume "A.B" topic, but receives "User user is not
> authorized to read from: topic://A.>" error.
> I asked on user mailing list if wildcard publishing is supposed to work at
> all, as I could not find any documentation about that. Unfortunately I did
> not receive any response, so I have to assume that it does.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
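
The authorization interaction described in the issue above, as an added example that is not part of the original message and is not ActiveMQ code. It is a simplified model: the function names (`covers`, `readers`, `denied_for`) are hypothetical, and the ACL resolution rule (union of read roles from every entry whose pattern covers the destination) is an assumption chosen to reproduce the reported error.

```python
# Simplified model (assumption, not broker code) of the behaviour reported in AMQ-9472.

def covers(pattern, name):
    """True if `pattern` covers `name`; '*' matches one segment, '>' matches the rest.

    Wildcard tokens inside `name` are treated as literals that only a wildcard
    in `pattern` can cover, so "A.B" does not cover a topic literally named "A.>".
    """
    p, n = pattern.split("."), name.split(".")
    for i, tok in enumerate(p):
        if tok == ">":
            return True
        if i >= len(n) or (tok == "*" and n[i] == ">"):
            return False
        if tok != "*" and tok != n[i]:
            return False
    return len(p) == len(n)

# The two authorization entries quoted in the issue, as (topic pattern, read roles).
ACL = [(">", {"admin"}), ("A.B", {"user"})]

def readers(dest, acl=ACL):
    """Assumed resolution: union of read roles of every entry whose pattern covers dest."""
    roles = set()
    for pattern, read in acl:
        if covers(pattern, dest):
            roles |= read
    return roles

def denied_for(role, subscription, existing_topics, acl=ACL):
    """Topics the subscription gets attached to that `role` is not allowed to read."""
    # Per the quoted reply, a matching subscription is also attached to the
    # wildcard-named topic, so the read check runs against that topic as well.
    attached = [t for t in existing_topics
                if covers(t, subscription) or covers(subscription, t)]
    return [t for t in attached if role not in readers(t, acl)]

if __name__ == "__main__":
    # Constructed scenario from the issue text.
    print(denied_for("user", "A.B", ["A.B"]))         # before "A.>" is auto-created
    print(denied_for("user", "A.B", ["A.B", "A.>"]))  # after "A.>" is auto-created
```

In this model the denial appears as soon as a topic literally named `A.>` exists, whether a wildcard publisher or a wildcard consumer caused it to be created.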