Hello,

I have debugged your unit test today and the reason for not getting an 
authorization exception in test 
accessToProtectedTopicWithWildcardsDestinationAsUserShouldFail() is that the 
AuthorizationBroker appends the security roles of all of the sub nodes in its 
authorization configuration.

You have entries for "messages.>" as well as "messages.cat1" and "messages.cat" 
in your authorization config. 
Because of the wildcard in "messages.>" it appends the group names of all sub 
nodes. From the entry "messages.cat1" it also adds the "users" groups. 

This is a bug IMHO. Although I believe there must be some reason for adding the 
authorization groups of sub nodes in the broker's authorization plugin at 
runtime.
Do you mind raising a JIRA ticket and attaching your JUnit test?



Thanks,

Torsten Mielke
tors...@fusesource.com
tmie...@blogspot.com




On Nov 12, 2011, at 7:29 PM, Thorsten Panitz wrote:

> Hi,
> 
> I'm working for 6 months with ActiveMQ so this could be a misconfiguration on 
> my side. Here is the problem.
> 
> We are using the default authentication/authorization system as described in 
> http://activemq.apache.org/security.html#Security-Authorization with the 
> following configuration:
> 
> <plugins>
>    <simpleAuthenticationPlugin>
>        <users>
>            <authenticationUser
>                  username="admin"
>                  password="admin"
>                  groups="admins"/>
>            <authenticationUser
>                  username="user"
>                  password="user"
>                  groups="users"/>
>        </users>
>    </simpleAuthenticationPlugin>
>    <authorizationPlugin>
>        <map>
>            <authorizationMap>
>                <authorizationEntries>
>                    <authorizationEntry topic="messages.>"
>                                        read="admins"
>                                        write="admins"
>                                        admin="admins"/>
>                    <authorizationEntry topic="messages.cat2"
>                                        read="admins"
>                                        write="admins"
>                                        admin="admins"/>
>                    <authorizationEntry topic="messages.cat1"
>                                        read="admins, users"
>                                        write="admins, users"
>                                        admin="admins, users"/>
>                    <authorizationEntry topic="ActiveMQ.Advisory.>"
>                                        read="admins, users"
>                                        write="admins, users"
>                                        admin="admins, users"/>
>                </authorizationEntries>
>            </authorizationMap>
>        </map>
>    </authorizationPlugin>
> </plugins>
> 
> As expected, clients connecting as "user" to the topic "messages.cat2" get 
> an exception ("User user is not authorized to read from: 
> topic://messages.cat2"). Surprisingly "user" can receive messages from topic 
> "messages.cat2" if he creates a consumer with the destination "messages.>":
> 
> <code>
> import javax.jms.Connection;
> import javax.jms.Destination;
> import javax.jms.Message;
> import javax.jms.MessageConsumer;
> import javax.jms.Session;
> import org.apache.activemq.ActiveMQConnectionFactory;
> import org.apache.activemq.command.ActiveMQTopic;
> 
> // BROKER_URL, TIMEOUT and closure are defined in the attached test project (not shown here)
> final Destination destination = new ActiveMQTopic("messages.>");
> final Connection conn = new ActiveMQConnectionFactory("user", "user",
>    BROKER_URL).createConnection();
> final Session session = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
> final MessageConsumer consumer = session.createConsumer(destination);
> conn.start();
> closure.run(); // test helper (not shown) that produces the message on messages.cat2
> final Message message = consumer.receive(TIMEOUT);
> session.close();
> conn.close();
> </code>
> 
> IMHO this behaviour is a security problem as an unprivileged user can receive 
> messages from a protected topic or queue!
> 
> I've attached a maven project with JUnit tests showing the problem.
> 
> 
> Environment:
> 
> OS: Mac OS X 10.6.8
> JRE/JDK: 1.6.0_29
> ActiveMQ: 5.5.0
> 
> 
> Thanks for your help!
> 
> 
> Regards,
> 
>   Thorsten
> 
> <ActiveMQAuthorizationTestProject.zip>
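Editor's note: the following is an added illustration, not code from this thread or from ActiveMQ. It models in Python the lookup behaviour Torsten describes (the roles of every sub node under a wildcard consumer destination get appended to the result), using the groups and entries from the quoted configuration, and places it next to a stricter rule of my own in which sub-node entries can only narrow a wildcard consumer's permissions, never widen them. The matching function and both lookup rules are written from scratch here; the strict rule is a suggestion, not ActiveMQ's actual fix. The `messages.*` case goes beyond the mail's `messages.>` example to show that a single-element wildcard is affected the same way.

```python
"""Model of the authorization-map lookup discussed in the thread.

Added illustration, not ActiveMQ source: destination matching and both
lookup rules are re-implemented here from scratch.  Entries, groups and
users are transcribed from the quoted configuration; "ActiveMQ.Advisory.>"
is left out because it does not affect the messages.* decision.
"""
from typing import Dict, List, Set

# read="..." groups per authorizationEntry (from the quoted config)
READ_ACLS: Dict[str, Set[str]] = {
    "messages.>": {"admins"},
    "messages.cat2": {"admins"},
    "messages.cat1": {"admins", "users"},
}

# groups="..." per authenticationUser (from the quoted config)
USER_GROUPS: Dict[str, Set[str]] = {
    "admin": {"admins"},
    "user": {"users"},
}


def matches(pattern: str, name: str) -> bool:
    """ActiveMQ-style destination wildcard matching.

    '.' separates path elements, '*' matches exactly one element and '>'
    matches one or more trailing elements.  A wildcard inside `name` is
    treated as a literal element, so matches("messages.>", "messages.>")
    is True (an entry covers itself).
    """
    p, n = pattern.split("."), name.split(".")
    for i, elem in enumerate(p):
        if elem == ">":
            return len(n) > i
        if i >= len(n) or (elem != "*" and elem != n[i]):
            return False
    return len(n) == len(p)


def entries_covering(dest: str) -> List[str]:
    """Entries whose pattern applies to `dest` (what a plain lookup needs)."""
    return [p for p in READ_ACLS if matches(p, dest)]


def entries_under(dest: str) -> List[str]:
    """Entries that lie below `dest` when `dest` is itself a wildcard:
    the 'sub nodes' whose roles get appended in the reported behaviour."""
    return [p for p in READ_ACLS if matches(dest, p)]


def read_groups_reported(dest: str) -> Set[str]:
    """Lookup as reported in the thread: roles of the covering entries
    plus the roles of every sub node, unioned together."""
    groups: Set[str] = set()
    for p in entries_covering(dest) + entries_under(dest):
        groups |= READ_ACLS[p]
    return groups


def can_read_reported(user: str, dest: str) -> bool:
    """Decision under the reported (union) behaviour."""
    return bool(read_groups_reported(dest) & USER_GROUPS[user])


def can_read_strict(user: str, dest: str) -> bool:
    """Editor's suggested rule (hypothetical, not ActiveMQ's): a consumer
    is allowed only if the user is allowed on the destination itself and
    on every entry a wildcard destination would deliver from.  Sub-node
    roles can narrow the result but never widen it."""
    def allowed_on(d: str) -> bool:
        groups: Set[str] = set()
        for p in entries_covering(d):
            groups |= READ_ACLS[p]
        return bool(groups & USER_GROUPS[user])

    return allowed_on(dest) and all(allowed_on(sub) for sub in entries_under(dest))


if __name__ == "__main__":
    for user in ("admin", "user"):
        for dest in ("messages.cat1", "messages.cat2", "messages.>", "messages.*"):
            print(f"{user:5} {dest:14} reported={can_read_reported(user, dest)!s:5} "
                  f"strict={can_read_strict(user, dest)}")
```

Under the reported rule `user` is refused on `messages.cat2` but accepted on `messages.>` (and on `messages.*`), which is exactly the pair of observations in the mail; the only contribution of the `users` group comes from the `messages.cat1` sub node. Under the strict rule the wildcard consumer is refused because `user` is not allowed on `messages.cat2`, while `user` on `messages.cat1` and `admin` everywhere are unaffected.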