[ https://issues.apache.org/jira/browse/AMQ-9472?focusedWorklogId=913960&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-913960 ]
ASF GitHub Bot logged work on AMQ-9472:
---------------------------------------

                Author: ASF GitHub Bot
            Created on: 10/Apr/24 13:58
            Start Date: 10/Apr/24 13:58
    Worklog Time Spent: 10m
      Work Description: cshannon commented on PR #1198:
URL: https://github.com/apache/activemq/pull/1198#issuecomment-2047625950

   @thezbyg - That is interesting, I do not see that happen when testing some of the Java STOMP tests we have but it could depend on the client. Regardless, that processConsumerControl() method has a bug and should be fixed I think and applies to really any protocol that might send it (even OpenWire if updating prefetch).

   The purpose of that lookup is to wake up an existing destination for dispatching. So in this case really we just want to be looking up and not creating. This is an edge case because normally the consumer control would not be sent if the consumer hadn't already subscribed and created the destination, so obviously wildcards break this if not already created.

   For a fix I think there's 2 options. One is to simply never create a destination in that method, just look up existing but I wonder if that could expose unintended bugs. Option 2 is probably safer and that is just to apply similar logic that exists in the `addConsumer()` method where if it's a normal destination keep the current behavior, but if it's a pattern/wildcard we just do a lookup only and skip if not found.

   I can work on a PR for option 2, should be a simple fix and I think makes the most sense. I will likely open up a new JIRA since this isn't related to authorization or producing as the original Jira describes.

Issue Time Tracking
-------------------

    Worklog Id:     (was: 913960)
    Time Spent: 1.5h  (was: 1h 20m)

> Wildcard publisher auto-creates wildcard topic and breaks authorization
> -----------------------------------------------------------------------
>
>                 Key: AMQ-9472
>                 URL: https://issues.apache.org/jira/browse/AMQ-9472
>             Project: ActiveMQ Classic
>          Issue Type: Bug
>          Components: Broker
>            Reporter: Albertas Vyšniauskas
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>          Time Spent: 1.5h
>  Remaining Estimate: 0h
>
> Hi,
> after publishing a message to wildcard topic, a wildcard topic is
> auto-created and interacts poorly with authorization rules.
> Suppose that authorization map contains the following entries:
> <authorizationEntry read="admin" write="admin" admin="admin" topic=">" />
> <authorizationEntry read="user" topic="A.B" />
> Admin creates "A.B" topic and publishes a message to "A.>" causing
> auto-creation of "A.>" topic.
> User attempts to consume "A.B" topic, but receives "User user is not
> authorized to read from: topic://A.>" error.
> I asked on user mailing list if wildcard publishing is supposed to work at
> all, as I could not find any documentation about that. Unfortunately I did
> not receive any response, so I have to assume that it does.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)