On 6/21/07, Tom Samplonius <[EMAIL PROTECTED]> wrote:
----- "James Strachan" <[EMAIL PROTECTED]> wrote: ... > Just use the JAAS plugin in ActiveMQ and you're good to go; the Stomp > code uses whatever security plugin you're using As has been discussed, this is broken, and has been since 4.1.1 or earlier. Is there any sort of roadmap to the ActiveMQ internals,
We use JIRA for the roadmap... http://issues.apache.org/activemq/browse/AMQ?report=com.atlassian.jira.plugin.system.project:roadmap-panel
so I can take a stab at fixing this without having to start from scratch?
Awesome! We *love* contributions.... http://activemq.apache.org/contributing.html
All of the wire protocols tie back to some sort of core, where auth is evaluated. And that is supposed to flow back to the wire protocol again. And the ActiveMQ core just depends on the protocol to do the right thing. If the auth failed, it will still take successive commands.
Yeah, that sounds an easy one to fix; we just need to disconnect the socket if a connection fails I guess? Fancy taking a stab at it? Am thinking some code in ProtcolConverter if an exception occurs on the response, to just close the connection (after the ERROR is sent back).
> I know lots of folks using both the Web Console and Stomp in > production with security But I don't know how this could be possible, unless people just haven't tried with a mis-spelled password. And there isn't a release version of ActiveMQ that doesn't lose Stomp messages one way or another. So I have to assume that they production sites are using snapshots too.
Which message loss thing is that? Is there a JIRA?
But Stomp support is as buggy as hell in ActiveMQ.
Thats a little strong, AFAIK there's only a couple of bugs...
It seems that the ActiveMQ project operates in some sort of twilight mode. Most projects would have issued a security advisory. Doesn't the Apache Foundation require its projects to issue security advisories for serious security problems? Doesn't the "Apache Way" include, "security as a mandatory feature"?
FWIW most JMS providers come with no security at all out of the box; as MOMs are typically run inside the firewall & security is usually enabled by changing the default configuration. But you are right, we should log a warning that security in STOMP does not work properly, so a mis-behaving stomp client could actually do bad things.
If no one can fix Stomp, that's fine, but it should be at least be disabled on default configuration.
We may as well fix this bug before the next release, rather than doing a release just to disable stomp support -- James ------- http://macstrac.blogspot.com/