[jira] [Created] (ARTEMIS-4929) Incorrect logging for anonymous user message acknowledgement events
Aleksandr Milovidov created ARTEMIS-4929:

Summary: Incorrect logging for anonymous user message acknowledgement events
Key: ARTEMIS-4929
URL: https://issues.apache.org/jira/browse/ARTEMIS-4929
Project: ActiveMQ Artemis
Issue Type: Bug
Affects Versions: 2.35.0
Reporter: Aleksandr Milovidov

When messages in the queue are expired, it is logged in the audit log with events:

AMQ601500: User admin(amq)@127.0.0.1:61979 sent a message CoreMessage ...
AMQ601759: User anonymous@127.0.0.1:61979 added acknowledgement of a message from TEST: ...
AMQ601502: User anonymous@127.0.0.1:61979 acknowledged message from TEST: ...

Source IP address and port in these events are the same as in previous events (in this example, send message event).

How to reproduce:
- create default Artemis instance
- enable message audit logging in log4j2.properties
- send one test message with 1 second expiry using 127.0.0.1 loopback address
- wait some seconds for message expiry
- send another test message with expiry using computer's IP address
- wait some seconds for message expiry
- check audit.log for message send and acknowledge events

Example commands:

artemis producer --url=tcp://127.0.0.1:61616 --user=admin --password=admin --message-count=1 --msgttl=1000
artemis producer --url=tcp://192.168.0.1:61616 --user=admin --password=admin --message-count=1 --msgttl=1000

--
This message was sent by Atlassian Jira (v8.20.10#820010)

To unsubscribe, e-mail: issues-unsubscr...@activemq.apache.org
For additional commands, e-mail: issues-h...@activemq.apache.org
For further information, visit: https://activemq.apache.org/contact
[jira] [Created] (ARTEMIS-4911) Routed message count increases when message was rejected by filters
Aleksandr Milovidov created ARTEMIS-4911:

Summary: Routed message count increases when message was rejected by filters
Key: ARTEMIS-4911
URL: https://issues.apache.org/jira/browse/ARTEMIS-4911
Project: ActiveMQ Artemis
Issue Type: Bug
Components: Broker
Affects Versions: 2.35.0
Reporter: Aleksandr Milovidov

When a message is sent to an address which has multicast queues with filters, and message properties do not match any of the filters, the message is discarded, but routed message count increases, and unrouted message count does not change.

Steps to reproduce:
1. Create a new Artemis instance.
2. Create address TEST with multicast routing.
3. Create a multicast queue TEST.FILTER with filter e.g. key='value' on this address.
4. Send a multicast test message:

artemis producer --user=admin --password=admin --url=tcp://localhost:61616 --message-count=1 --destination=topic://TEST

The message is not delivered to any queue, but the routed message count of the address is incremented. It also happens when sending a message to FQQN destination=topic://TEST::TEST.FILTER
[jira] [Commented] (ARTEMIS-4629) Core bridge configuration validation errors
[ https://issues.apache.org/jira/browse/ARTEMIS-4629?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17814331#comment-17814331 ]

Aleksandr Milovidov commented on ARTEMIS-4629:

[~jbertram] Thanks for clarifying the documentation. And sorry for missing closing tag. When all parameters are placed in correct order, it works.

> Core bridge configuration validation errors
>
> Key: ARTEMIS-4629
> URL: https://issues.apache.org/jira/browse/ARTEMIS-4629
> Project: ActiveMQ Artemis
> Issue Type: Bug
> Components: Documentation
> Affects Versions: 2.32.0
> Environment: ActiveMQ Artemis 2.32.0, 2.31.2
> Operating systems: Windows, Linux
> Reporter: Aleksandr Milovidov
> Assignee: Justin Bertram
> Priority: Minor
> Fix For: 2.33.0
>
> Attachments: example_validation_errors.log, non_working_example3.xml,
> non_working_example4.xml, working_example1.xml, working_example2.xml
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> When I tried to configure Core Bridge to transfer messages from one Artemis
> broker to another clustered Artemis broker, I have encountered several
> validation errors. I tried to insert ha option in different positions in the
> bridge section and got different validation errors. It seems that order of
> parameters in the bridge section does matter and it is impossible to combine
> ha options with reconnect parameters.
> Attached examples of working and non-working bridge configurations (it needs
> to be added to default broker.xml).
> Example core bridge configuration from documentation also does not work.
> There are also undocumented parameters which are mentioned in error log
> message, for example "reconnect-attempts-same-node". It is documented only in
> configuration index (does not exist in
> [https://activemq.apache.org/components/artemis/documentation/latest/core-bridges.html]).
[jira] [Created] (ARTEMIS-4629) Core bridge configuration validation errors
Aleksandr Milovidov created ARTEMIS-4629:

Summary: Core bridge configuration validation errors
Key: ARTEMIS-4629
URL: https://issues.apache.org/jira/browse/ARTEMIS-4629
Project: ActiveMQ Artemis
Issue Type: Bug
Components: Configuration
Affects Versions: 2.32.0
Environment: ActiveMQ Artemis 2.32.0, 2.31.2
Operating systems: Windows, Linux
Reporter: Aleksandr Milovidov
Attachments: example_validation_errors.log, non_working_example3.xml, non_working_example4.xml, working_example1.xml, working_example2.xml

When I tried to configure Core Bridge to transfer messages from one Artemis broker to another clustered Artemis broker, I have encountered several validation errors. I tried to insert ha option in different positions in the bridge section and got different validation errors. It seems that order of parameters in the bridge section does matter and it is impossible to combine ha options with reconnect parameters.

Attached examples of working and non-working bridge configurations (it needs to be added to default broker.xml).

Example core bridge configuration from documentation also does not work.

There are also undocumented parameters which are mentioned in error log message, for example "reconnect-attempts-same-node". It is documented only in configuration index (does not exist in [https://activemq.apache.org/components/artemis/documentation/latest/core-bridges.html]).
[jira] [Commented] (ARTEMIS-4405) Incorrect username logging in AMQ601264 events
[ https://issues.apache.org/jira/browse/ARTEMIS-4405?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17759986#comment-17759986 ]

Aleksandr Milovidov commented on ARTEMIS-4405:

[~jbertram] Thanks!

> Incorrect username logging in AMQ601264 events
>
> Key: ARTEMIS-4405
> URL: https://issues.apache.org/jira/browse/ARTEMIS-4405
> Project: ActiveMQ Artemis
> Issue Type: Bug
> Affects Versions: 2.30.0
> Reporter: Aleksandr Milovidov
> Assignee: Justin Bertram
> Priority: Minor
> Fix For: 2.31.0
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> We have ActiveMQ Artemis with audit logging turned on, and sometimes wrong
> username is logged when user gets an authorization error (audit log event
> AMQ601264). I have reproduced this issue when client uses STOMP to connect to
> the broker. In that case client username is always logged as anonymous, and
> source IP address seems to be correct.
> We have a lot of other audit log messages where different usernames are
> logged in single log event, but I cannot attach these logs because it
> contains sensitive information. I think this problem is not specific to STOMP
> clients because most our clients use core and openwire. I will try to
> reproduce it later.
> The problem is not specific to the current version of Artemis.
> Steps to reproduce (for STOMP client):
> 1. Create Artemis instance
> {{artemis create --user admin --password admin --require-login }}
> Edit {{artemis-roles.properties}} and {{artemis-users.properties}} to create
> some other user with password and non-admin role. For example, add string
> {{alice = alice}} to both files.
> Edit log4j2.properties to enable base audit logging:
> {code:java}
> logger.audit_base = INFO, audit_log_file{code}
> To connect to the broker with STOMP I have used python with Stompest library
> (it has to be installed using pip install stompest).
> Example STOMP producer python code (it does not handle authorization errors):
>
> {code:java}
> from stompest.config import StompConfig
> from stompest.protocol import StompSpec
> from stompest.sync import Stomp
> CONFIG = StompConfig("tcp://localhost:61613", login="alice",
> passcode="alice", version=StompSpec.VERSION_1_0)
> QUEUE = 'test.queue'
> client = Stomp(CONFIG)
> client.connect()
> client.send(QUEUE, 'Test message'.encode())
> client.disconnect()
> {code}
> Run this example code. Check broker audit.log. For example:
>
> {code:java}
> 2023-08-28 17:39:20,042 [AUDIT](Thread-1 (activemq-netty-threads)) AMQ601267:
> User alice(alice)@127.0.0.1:56685 is creating a core session on target
> resource ActiveMQServerImpl::name=0.0.0.0 with parameters:
> [ac22db0e-45b0-11ee-b333-005056abe8b9, alice, , 102400,
> org.apache.activemq.artemis.core.protocol.stomp.StompConnection@3313e538,
> true, false, false, false, null,
> org.apache.activemq.artemis.core.protocol.stomp.StompSession@2fc820ee, true,
> {}]
> 2023-08-28 17:39:20,081 [AUDIT](Thread-1 (activemq-netty-threads)) AMQ601262:
> User alice(alice)@127.0.0.1:56685 is creating address on target resource:
> ac22db0e-45b0-11ee-b333-005056abe8b9 with parameters: [Address
> [name=test.queue, id=0, routingTypes={MULTICAST}, autoCreated=false,
> paused=false, bindingRemovedTimestamp=-1, swept=false,
> createdTimestamp=1693233560081], true]
> 2023-08-28 17:39:20,116 [AUDIT](Thread-1 (activemq-netty-threads)) AMQ601264:
> User anonymous@127.0.0.1:56685 gets security check failure, reason =
> AMQ229032: User: alice does not have permission='CREATE_ADDRESS' on address
> test.queue
> org.apache.activemq.artemis.api.core.ActiveMQSecurityException: AMQ229032:
> User: alice does not have permission='CREATE_ADDRESS' on address test.queue
> at
> org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.check(SecurityStoreImpl.java:305)
> [artemis-server-2.30.0.jar:2.30.0]
> at
> org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.check(SecurityStoreImpl.java:227)
> [artemis-server-2.30.0.jar:2.30.0]
> at
> org.apache.activemq.artemis.core.server.impl.ServerSessionImpl.securityCheck(ServerSessionImpl.java:503)
> [artemis-server-2.30.0.jar:2.30.0]
> at
> org.apache.activemq.artemis.core.server.impl.ServerSessionImpl.createAddress(ServerSessionImpl.java:972)
> [artemis-server-2.30.0.jar:2.30.0]
> at
> org.apache.activemq.artemis.core.server.impl.ServerSessionImpl.createAddress(ServerSessionImpl.java:962)
> [artemis-server-2.30.0.jar:2.30.0]
> at
> org.apache.activemq.artemis.core.protocol.stomp.StompConnection.autoCreateDestinationIfPossible(StompConnection.java:184)
> [artemis-stomp-protocol-2.30.0.jar:2.30.0]
> at
[jira] [Updated] (ARTEMIS-4405) Incorrect username logging in AMQ601264 events
[ https://issues.apache.org/jira/browse/ARTEMIS-4405?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Aleksandr Milovidov updated ARTEMIS-4405:

Description:

We have ActiveMQ Artemis with audit logging turned on, and sometimes wrong username is logged when user gets an authorization error (audit log event AMQ601264). I have reproduced this issue when client uses STOMP to connect to the broker. In that case client username is always logged as anonymous, and source IP address seems to be correct.

We have a lot of other audit log messages where different usernames are logged in single log event, but I cannot attach these logs because it contains sensitive information. I think this problem is not specific to STOMP clients because most our clients use core and openwire. I will try to reproduce it later.

The problem is not specific to the current version of Artemis.

Steps to reproduce (for STOMP client):

1. Create Artemis instance

{{artemis create --user admin --password admin --require-login }}

Edit {{artemis-roles.properties}} and {{artemis-users.properties}} to create some other user with password and non-admin role. For example, add string {{alice = alice}} to both files.

Edit log4j2.properties to enable base audit logging:
{code:java}
logger.audit_base = INFO, audit_log_file{code}
To connect to the broker with STOMP I have used python with Stompest library (it has to be installed using pip install stompest).

Example STOMP producer python code (it does not handle authorization errors):
{code:java}
from stompest.config import StompConfig
from stompest.protocol import StompSpec
from stompest.sync import Stomp
CONFIG = StompConfig("tcp://localhost:61613", login="alice", passcode="alice", version=StompSpec.VERSION_1_0)
QUEUE = 'test.queue'
client = Stomp(CONFIG)
client.connect()
client.send(QUEUE, 'Test message'.encode())
client.disconnect()
{code}
Run this example code. Check broker audit.log. For example:
{code:java}
2023-08-28 17:39:20,042 [AUDIT](Thread-1 (activemq-netty-threads)) AMQ601267: User alice(alice)@127.0.0.1:56685 is creating a core session on target resource ActiveMQServerImpl::name=0.0.0.0 with parameters: [ac22db0e-45b0-11ee-b333-005056abe8b9, alice, , 102400, org.apache.activemq.artemis.core.protocol.stomp.StompConnection@3313e538, true, false, false, false, null, org.apache.activemq.artemis.core.protocol.stomp.StompSession@2fc820ee, true, {}]
2023-08-28 17:39:20,081 [AUDIT](Thread-1 (activemq-netty-threads)) AMQ601262: User alice(alice)@127.0.0.1:56685 is creating address on target resource: ac22db0e-45b0-11ee-b333-005056abe8b9 with parameters: [Address [name=test.queue, id=0, routingTypes={MULTICAST}, autoCreated=false, paused=false, bindingRemovedTimestamp=-1, swept=false, createdTimestamp=1693233560081], true]
2023-08-28 17:39:20,116 [AUDIT](Thread-1 (activemq-netty-threads)) AMQ601264: User anonymous@127.0.0.1:56685 gets security check failure, reason = AMQ229032: User: alice does not have permission='CREATE_ADDRESS' on address test.queue
org.apache.activemq.artemis.api.core.ActiveMQSecurityException: AMQ229032: User: alice does not have permission='CREATE_ADDRESS' on address test.queue
    at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.check(SecurityStoreImpl.java:305) [artemis-server-2.30.0.jar:2.30.0]
    at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.check(SecurityStoreImpl.java:227) [artemis-server-2.30.0.jar:2.30.0]
    at org.apache.activemq.artemis.core.server.impl.ServerSessionImpl.securityCheck(ServerSessionImpl.java:503) [artemis-server-2.30.0.jar:2.30.0]
    at org.apache.activemq.artemis.core.server.impl.ServerSessionImpl.createAddress(ServerSessionImpl.java:972) [artemis-server-2.30.0.jar:2.30.0]
    at org.apache.activemq.artemis.core.server.impl.ServerSessionImpl.createAddress(ServerSessionImpl.java:962) [artemis-server-2.30.0.jar:2.30.0]
    at org.apache.activemq.artemis.core.protocol.stomp.StompConnection.autoCreateDestinationIfPossible(StompConnection.java:184) [artemis-stomp-protocol-2.30.0.jar:2.30.0]
    at org.apache.activemq.artemis.core.protocol.stomp.VersionedStompFrameHandler.onSend(VersionedStompFrameHandler.java:188) [artemis-stomp-protocol-2.30.0.jar:2.30.0]
    at org.apache.activemq.artemis.core.protocol.stomp.VersionedStompFrameHandler.handleFrame(VersionedStompFrameHandler.java:87) [artemis-stomp-protocol-2.30.0.jar:2.30.0]
    at org.apache.activemq.artemis.core.protocol.stomp.StompConnection.handleFrame(StompConnection.java:424) [artemis-stomp-protocol-2.30.0.jar:2.30.0]
    at org.apache.activemq.artemis.core.protocol.stomp.StompProtocolManager.handleBuffer(StompProtocolManager.java:162) [artemis-stomp-protocol-2.30.0.jar:2.30.0]
    at org.apache.activemq.artemis.core.protocol.stomp.StompConnection.bufferReceived(StompConnection.java:307)
[jira] [Created] (ARTEMIS-4405) Incorrect username logging in AMQ601264 events
Aleksandr Milovidov created ARTEMIS-4405:

Summary: Incorrect username logging in AMQ601264 events
Key: ARTEMIS-4405
URL: https://issues.apache.org/jira/browse/ARTEMIS-4405
Project: ActiveMQ Artemis
Issue Type: Bug
Affects Versions: 2.30.0
Reporter: Aleksandr Milovidov

We have ActiveMQ Artemis with audit logging turned on, and sometimes wrong username is logged when user gets an authorization error (audit log event AMQ601264). I have reproduced this issue when client uses STOMP to connect to the broker. In that case client username is always logged as anonymous, and source IP address seems to be correct.

We have a lot of other audit log messages where different usernames are logged in single log event, but I cannot attach these logs because it contains sensitive information. I think this problem is not specific to STOMP clients because most our clients use core and openwire. I will try to reproduce it later.

The problem is not specific to current version of Artemis.

Steps to reproduce (for STOMP client):

1. Create Artemis instance

{{artemis create --user admin --password admin --require-login }}

Edit {{artemis-roles.properties}} and {{artemis-users.properties}} to create some other user with password and non-admin role. For example, add string {{alice = alice}} to both files.

Edit log4j2.properties to enable base audit logging:
{code:java}
logger.audit_base = INFO, audit_log_file{code}
To connect to the broker with STOMP I have used python with Stompest library (it has to be installed using pip install stompest).

Example STOMP producer python code (it does not handle authorization errors):
{code:java}
from stompest.config import StompConfig
from stompest.protocol import StompSpec
from stompest.sync import Stomp
CONFIG = StompConfig("tcp://localhost:61613", login="alice", passcode="alice", version=StompSpec.VERSION_1_0)
QUEUE = 'test.queue'
client = Stomp(CONFIG)
client.connect()
client.send(QUEUE, 'Test message'.encode())
client.disconnect()
{code}
Run this example code. Check broker audit.log. For example:
{code:java}
2023-08-28 17:39:20,042 [AUDIT](Thread-1 (activemq-netty-threads)) AMQ601267: User alice(alice)@127.0.0.1:56685 is creating a core session on target resource ActiveMQServerImpl::name=0.0.0.0 with parameters: [ac22db0e-45b0-11ee-b333-005056abe8b9, alice, , 102400, org.apache.activemq.artemis.core.protocol.stomp.StompConnection@3313e538, true, false, false, false, null, org.apache.activemq.artemis.core.protocol.stomp.StompSession@2fc820ee, true, {}]
2023-08-28 17:39:20,081 [AUDIT](Thread-1 (activemq-netty-threads)) AMQ601262: User alice(alice)@127.0.0.1:56685 is creating address on target resource: ac22db0e-45b0-11ee-b333-005056abe8b9 with parameters: [Address [name=test.queue, id=0, routingTypes={MULTICAST}, autoCreated=false, paused=false, bindingRemovedTimestamp=-1, swept=false, createdTimestamp=1693233560081], true]
2023-08-28 17:39:20,116 [AUDIT](Thread-1 (activemq-netty-threads)) AMQ601264: User anonymous@127.0.0.1:56685 gets security check failure, reason = AMQ229032: User: alice does not have permission='CREATE_ADDRESS' on address test.queue
org.apache.activemq.artemis.api.core.ActiveMQSecurityException: AMQ229032: User: alice does not have permission='CREATE_ADDRESS' on address test.queue
    at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.check(SecurityStoreImpl.java:305) [artemis-server-2.30.0.jar:2.30.0]
    at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.check(SecurityStoreImpl.java:227) [artemis-server-2.30.0.jar:2.30.0]
    at org.apache.activemq.artemis.core.server.impl.ServerSessionImpl.securityCheck(ServerSessionImpl.java:503) [artemis-server-2.30.0.jar:2.30.0]
    at org.apache.activemq.artemis.core.server.impl.ServerSessionImpl.createAddress(ServerSessionImpl.java:972) [artemis-server-2.30.0.jar:2.30.0]
    at org.apache.activemq.artemis.core.server.impl.ServerSessionImpl.createAddress(ServerSessionImpl.java:962) [artemis-server-2.30.0.jar:2.30.0]
    at org.apache.activemq.artemis.core.protocol.stomp.StompConnection.autoCreateDestinationIfPossible(StompConnection.java:184) [artemis-stomp-protocol-2.30.0.jar:2.30.0]
    at org.apache.activemq.artemis.core.protocol.stomp.VersionedStompFrameHandler.onSend(VersionedStompFrameHandler.java:188) [artemis-stomp-protocol-2.30.0.jar:2.30.0]
    at org.apache.activemq.artemis.core.protocol.stomp.VersionedStompFrameHandler.handleFrame(VersionedStompFrameHandler.java:87) [artemis-stomp-protocol-2.30.0.jar:2.30.0]
    at org.apache.activemq.artemis.core.protocol.stomp.StompConnection.handleFrame(StompConnection.java:424) [artemis-stomp-protocol-2.30.0.jar:2.30.0]
    at org.apache.activemq.artemis.core.protocol.stomp.StompProtocolManager.handleBuffer(StompProtocolManager.java:162)
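
Added example (not part of the original messages or of Artemis): a log-review check for the two audit-log symptoms reported in ARTEMIS-4405 and ARTEMIS-4929, flagging events whose logged principal disagrees with the user named in the embedded failure reason, or that are logged as anonymous for an endpoint previously logged with a named user. It flags lines for review and does not re-attribute them; the function name, rule labels and the 10.0.0.5 sample line are assumptions made for illustration.

```python
import re

# "AMQ601264: User alice(alice)@127.0.0.1:56685 ..." -> code, logged user, ip:port
EVENT = re.compile(
    r"(?P<code>AMQ\d{6}): User (?P<user>[^\s(@]+)(?:\([^)]*\))?@(?P<endpoint>\S+)"
)
# "reason = AMQ229032: User: alice does not have permission=..." -> checked user
REASON_USER = re.compile(r"reason = AMQ\d{6}: User: (?P<user>\S+)")


def find_suspect_attribution(lines):
    """Return (line_no, code, endpoint, logged_user, evidence_user, rule) tuples."""
    last_named = {}  # endpoint -> last non-anonymous user logged for it (never aged out)
    findings = []
    for line_no, line in enumerate(lines, 1):
        event = EVENT.search(line)
        if event is None:
            continue  # stack-trace or continuation line
        code, user, endpoint = event["code"], event["user"], event["endpoint"]
        if user != "anonymous":
            last_named[endpoint] = user
        reason = REASON_USER.search(line)
        if reason and reason["user"] != user:
            # ARTEMIS-4405 pattern: the event header and its own reason text disagree.
            findings.append(
                (line_no, code, endpoint, user, reason["user"], "reason-mismatch"))
        elif user == "anonymous" and endpoint in last_named:
            # ARTEMIS-4929 pattern: anonymous event carrying an endpoint already
            # logged for a named user. The endpoint itself may be stale, so this
            # marks the line as unreliable rather than naming the real actor.
            findings.append(
                (line_no, code, endpoint, user, last_named[endpoint],
                 "endpoint-seen-authenticated"))
    return findings


# Constructed sample: shortened from the excerpts in the reports above, plus one
# made-up line (10.0.0.5) for a connection that never authenticated.
SAMPLE = [
    "2023-08-28 17:39:20,042 [AUDIT](Thread-1 (activemq-netty-threads)) AMQ601267: "
    "User alice(alice)@127.0.0.1:56685 is creating a core session on target resource",
    "2023-08-28 17:39:20,116 [AUDIT](Thread-1 (activemq-netty-threads)) AMQ601264: "
    "User anonymous@127.0.0.1:56685 gets security check failure, reason = AMQ229032: "
    "User: alice does not have permission='CREATE_ADDRESS' on address test.queue",
    "AMQ601500: User admin(amq)@127.0.0.1:61979 sent a message CoreMessage ...",
    "AMQ601759: User anonymous@127.0.0.1:61979 added acknowledgement of a message from TEST: ...",
    "AMQ601502: User anonymous@127.0.0.1:61979 acknowledged message from TEST: ...",
    "AMQ601267: User anonymous@10.0.0.5:40000 is creating a core session on target resource",
]

if __name__ == "__main__":
    for finding in find_suspect_attribution(SAMPLE):
        print(finding)
```
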
[jira] [Created] (ARTEMIS-4397) Problem with bootstrap.xml after artemis upgrade
Aleksandr Milovidov created ARTEMIS-4397:

Summary: Problem with bootstrap.xml after artemis upgrade
Key: ARTEMIS-4397
URL: https://issues.apache.org/jira/browse/ARTEMIS-4397
Project: ActiveMQ Artemis
Issue Type: Bug
Affects Versions: 2.30.0, 2.29.0
Reporter: Aleksandr Milovidov

We have found strange problem when upgrading ActiveMQ Artemis instance from version 2.29.0 and higher to the same or higher version. After running command {{artemis upgrade /path/to/instance}}, web section in bootstrap.xml is broken and Artemis cannot start. It looks like:
{code:java}
http://localhost:8161;>
{code}
After each upgrade, duplicate property "name" is added to some app sections. When upgrading to the current version, it also breaks bootstrap.xml. Tried in Windows and Linux, does not differ.

When upgrading from 2.28 and earlier, it does not cause problem. I'm not sure but it seems that bootstrap.xml does not contain name property in previous versions.

Steps to reproduce: unzip apache-artemis archive, create instance and upgrade (Windows example):

{{artemis.cmd create --user admin --password password --require-login C:\path\to\artemis-inst-2.29.0}}

{{artemis.cmd upgrade C:\path\to\artemis-inst-2.29.0}}