[ 
https://issues.apache.org/jira/browse/AMQ-9472?focusedWorklogId=913960&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-913960
 ]

ASF GitHub Bot logged work on AMQ-9472:
---------------------------------------

                Author: ASF GitHub Bot
            Created on: 10/Apr/24 13:58
            Start Date: 10/Apr/24 13:58
    Worklog Time Spent: 10m 
      Work Description: cshannon commented on PR #1198:
URL: https://github.com/apache/activemq/pull/1198#issuecomment-2047625950

   @thezbyg - That is interesting, I do not see that happen when testing some 
of the Java STOMP tests we have but it could depend on the client. Regardless, 
that processConsumerControl() method has a bug and should be fixed I think and 
applies to really any protocol that might send it (even OpenWire if updating 
prefetch). 
   
   The purpose of that lookup is to wake up an existing destination for 
dispatching. So in this case really we just want to be looking up and not 
creating. This is an edge case because normally the consumer control would not 
be sent if the consumer hadn't already subscribed and created the destination, 
so obviously wildcards break this if not already created.
   
   For a fix I think there are 2 options. One is to simply never create a 
destination in that method, just look up existing, but I wonder if that could 
expose unintended bugs. Option 2 is probably safer and that is just to apply 
similar logic that exists in the `addConsumer()` method where if it's a normal 
destination keep the current behavior, but if it's a pattern/wildcard we just 
do a lookup only and skip if not found.
   
   I can work on a PR for option 2, should be a simple fix and I think makes 
the most sense. I will likely open up a new JIRA since this isn't related to 
authorization or producing as the original Jira describes.
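
A minimal model of option 2 as described in the comment above, added here as an illustration and not taken from the PR or the ActiveMQ code base. The class, the `lookup` helper and both `processConsumerControl*` variants are hypothetical names, and the wildcard check assumes `*` and `>` as the wildcard tokens.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical model of a broker's destination registry; none of these
// names are ActiveMQ classes or methods.
public class ConsumerControlLookupDemo {
    static final class Destination {
        final String name;
        int wakeups;                       // counts "wake up for dispatch" calls
        Destination(String name) { this.name = name; }
    }

    private final Map<String, Destination> destinations = new ConcurrentHashMap<>();

    // Assumed wildcard syntax: '*' matches one path element, '>' matches the rest.
    static boolean isPattern(String name) {
        for (String part : name.split("\\.")) {
            if (part.equals("*") || part.equals(">")) return true;
        }
        return false;
    }

    Destination lookup(String name, boolean createIfMissing) {
        return createIfMissing
            ? destinations.computeIfAbsent(name, Destination::new)
            : destinations.get(name);
    }

    // Before: always creates, so a consumer control for "A.>" registers a
    // destination literally named "A.>".
    void processConsumerControlBefore(String name) {
        lookup(name, true).wakeups++;
    }

    // After (option 2): normal destinations keep the create-on-lookup
    // behavior; patterns are looked up only and skipped when absent.
    void processConsumerControlAfter(String name) {
        Destination d = lookup(name, !isPattern(name));
        if (d != null) d.wakeups++;
    }

    public static void main(String[] args) {
        ConsumerControlLookupDemo before = new ConsumerControlLookupDemo();
        before.processConsumerControlBefore("A.>");
        System.out.println("before: " + before.destinations.keySet());

        ConsumerControlLookupDemo after = new ConsumerControlLookupDemo();
        after.processConsumerControlAfter("A.>");   // pattern, not found: skipped
        after.processConsumerControlAfter("A.B");   // normal name: created as before
        System.out.println("after:  " + after.destinations.keySet());
    }
}
```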




Issue Time Tracking
-------------------

    Worklog Id:     (was: 913960)
    Time Spent: 1.5h  (was: 1h 20m)

> Wildcard publisher auto-creates wildcard topic and breaks authorization
> -----------------------------------------------------------------------
>
>                 Key: AMQ-9472
>                 URL: https://issues.apache.org/jira/browse/AMQ-9472
>             Project: ActiveMQ Classic
>          Issue Type: Bug
>          Components: Broker
>            Reporter: Albertas Vyšniauskas
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>          Time Spent: 1.5h
>  Remaining Estimate: 0h
>
> Hi,
> after publishing a message to wildcard topic, a wildcard topic is 
> auto-created and interacts poorly with authorization rules.
> Suppose that authorization map contains the following entries:
> <authorizationEntry read="admin" write="admin" admin="admin" topic=">" />
> <authorizationEntry read="user" topic="A.B" />
> Admin creates "A.B" topic and publishes a message to "A.>" causing 
> auto-creation of "A.>" topic.
> User attempts to consume "A.B" topic, but receives "User user is not 
> authorized to read from: topic://A.>" error.
> I asked on user mailing list if wildcard publishing is supposed to work at 
> all, as I could not find any documentation about that. Unfortunately I did 
> not receive any response, so I have to assume that it does.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
