[ 
https://issues.apache.org/jira/browse/AMQ-9472?focusedWorklogId=913810&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-913810
 ]

ASF GitHub Bot logged work on AMQ-9472:
---------------------------------------

                Author: ASF GitHub Bot
            Created on: 10/Apr/24 04:34
            Start Date: 10/Apr/24 04:34
    Worklog Time Spent: 10m 
      Work Description: thezbyg commented on PR #1198:
URL: https://github.com/apache/activemq/pull/1198#issuecomment-2046523027

   > So this is just how the broker currently works to handle wildcard 
subscriptions, since you are publishing to a wildcard topic then any 
subscription that matches needs to also subscribe to the wildcard to get that 
message.
   
   Thanks for the explanation. Everything makes sense, except that 
auto-creation of the wildcard topic can also be triggered by a wildcard consumer 
and results in the same issue. This happens when subscribing to a wildcard topic 
using the STOMP protocol.
   
   In the broker code I can see that the wildcard topic is not auto-created for 
a wildcard or composite consumer destination:
   
https://github.com/apache/activemq/blob/e025e443e65d4bd3c2c27f11d6caa7bfbd2c9626/activemq-broker/src/main/java/org/apache/activemq/broker/region/AbstractRegion.java#L344
   
   No such condition exists in the processConsumerControl() method:
   
https://github.com/apache/activemq/blob/e025e443e65d4bd3c2c27f11d6caa7bfbd2c9626/activemq-broker/src/main/java/org/apache/activemq/broker/region/AbstractRegion.java#L694
   
   When using the STOMP protocol, processConsumerControl() is called immediately 
after subscribe and auto-creates the wildcard topic.




Issue Time Tracking
-------------------

    Worklog Id:     (was: 913810)
    Time Spent: 1h 20m  (was: 1h 10m)

> Wildcard publisher auto-creates wildcard topic and breaks authorization
> -----------------------------------------------------------------------
>
>                 Key: AMQ-9472
>                 URL: https://issues.apache.org/jira/browse/AMQ-9472
>             Project: ActiveMQ Classic
>          Issue Type: Bug
>          Components: Broker
>            Reporter: Albertas Vyšniauskas
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>          Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
> Hi,
> after publishing a message to a wildcard topic, a wildcard topic is 
> auto-created and interacts poorly with authorization rules.
> Suppose that the authorization map contains the following entries:
> <authorizationEntry read="admin" write="admin" admin="admin" topic=">" />
> <authorizationEntry read="user" topic="A.B" />
> Admin creates "A.B" topic and publishes a message to "A.>" causing 
> auto-creation of "A.>" topic.
> User attempts to consume "A.B" topic, but receives "User user is not 
> authorized to read from: topic://A.>" error.
> I asked on the user mailing list if wildcard publishing is supposed to work at 
> all, as I could not find any documentation about that. Unfortunately I did 
> not receive any response, so I have to assume that it does.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
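
Added example (not part of the original message and not ActiveMQ code): a simplified Python model that reproduces the failure described in the issue, using the two authorization entries quoted there. It assumes that a topic's read ACL is the union of the entries whose pattern matches the topic's literal name, and that a subscription is checked against every existing topic that overlaps its destination; matches, read_roles, blocking_topics and subscribe are hypothetical names.

```python
# Simplified model of the behaviour reported in AMQ-9472 (not ActiveMQ source code).

# Read roles from the two authorizationEntry lines quoted in the issue.
READ_ENTRIES = [(">", {"admin"}), ("A.B", {"user"})]

def matches(pattern, name):
    """'.' separates elements, '*' matches one element, '>' matches the rest
    (this model requires at least one remaining element)."""
    p, n = pattern.split("."), name.split(".")
    for i, elem in enumerate(p):
        if elem == ">":
            return len(n) > i
        if i >= len(n) or elem not in ("*", n[i]):
            return False
    return len(p) == len(n)

def read_roles(topic):
    """Assumption: union of the entries whose pattern matches the literal topic name."""
    roles = set()
    for pattern, allowed in READ_ENTRIES:
        if matches(pattern, topic):
            roles |= allowed
    return roles

def blocking_topics(user, destination, existing_topics):
    """Existing topics that overlap the subscription but deny this user read access.
    The model treats the user name as its only role."""
    return [t for t in sorted(existing_topics)
            if (matches(t, destination) or matches(destination, t))
            and user not in read_roles(t)]

def subscribe(user, destination, existing_topics):
    blocked = blocking_topics(user, destination, existing_topics)
    if blocked:
        raise PermissionError(
            f"User {user} is not authorized to read from: topic://{blocked[0]}")
    return True

if __name__ == "__main__":
    print(subscribe("user", "A.B", {"A.B"}))        # before "A.>" exists
    try:
        subscribe("user", "A.B", {"A.B", "A.>"})    # after auto-creation of "A.>"
    except PermissionError as err:
        print(err)
```

blocking_topics can be run over a broker's current topic list to see which auto-created wildcard topics would deny a given user's subscription under this model.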
