Hello! We are using ActiveMQ Artemis with versions 2.28.0 - 2.29.0 and we have a lot of clients which can use some other versions and implementations. Some clients use ActiveMQ classic client library. When user tries to connect with OPENWIRE protocol and send a message to the queue to which it has no permissions, it causes an exception on the server:
2023-08-01 11:01:24,469 WARN [org.apache.activemq.artemis.core.protocol.openwire.OpenWireConnection] Errors occurred during the buffering operation org.apache.activemq.artemis.api.core.ActiveMQSecurityException: AMQ229032: User: test does not have permission='CREATE_ADDRESS' on address TEST at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.check(SecurityStoreImpl.java:305) ~[artemis-server-2.30.0.jar:2.30.0] at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.check(SecurityStoreImpl.java:227) ~[artemis-server-2.30.0.jar:2.30.0] at org.apache.activemq.artemis.core.server.impl.ServerSessionImpl.securityCheck(ServerSessionImpl.java:503) ~[artemis-server-2.30.0.jar:2.30.0] at org.apache.activemq.artemis.core.server.impl.ServerSessionImpl.createAddress(ServerSessionImpl.java:972) ~[artemis-server-2.30.0.jar:2.30.0] at org.apache.activemq.artemis.core.server.impl.ServerSessionImpl.createAddress(ServerSessionImpl.java:962) ~[artemis-server-2.30.0.jar:2.30.0] at org.apache.activemq.artemis.core.server.impl.ServerSessionImpl.checkAutoCreate(ServerSessionImpl.java:1794) ~[artemis-server-2.30.0.jar:2.30.0] at org.apache.activemq.artemis.core.protocol.openwire.OpenWireConnection.addDestination(OpenWireConnection.java:902) ~[artemis-openwire-protocol-2.30.0.jar:2.30.0] at org.apache.activemq.artemis.core.protocol.openwire.OpenWireConnection$CommandProcessor.processAddProducer(OpenWireConnection.java:1237) ~[artemis-openwire-protocol-2.30.0.jar:2.30.0] at org.apache.activemq.command.ProducerInfo.visit(ProducerInfo.java:108) ~[activemq-client-5.17.2.jar:5.17.2] at org.apache.activemq.artemis.core.protocol.openwire.OpenWireConnection.act(OpenWireConnection.java:369) ~[artemis-openwire-protocol-2.30.0.jar:2.30.0] at org.apache.activemq.artemis.utils.actors.ThresholdActor.doTask(ThresholdActor.java:68) ~[artemis-commons-2.30.0.jar:?] at org.apache.activemq.artemis.utils.actors.ProcessorBase.executePendingTasks(ProcessorBase.java:68) ~[artemis-commons-2.30.0.jar:?] at org.apache.activemq.artemis.utils.actors.OrderedExecutor.doTask(OrderedExecutor.java:57) ~[artemis-commons-2.30.0.jar:?] at org.apache.activemq.artemis.utils.actors.OrderedExecutor.doTask(OrderedExecutor.java:32) ~[artemis-commons-2.30.0.jar:?] at org.apache.activemq.artemis.utils.actors.ProcessorBase.executePendingTasks(ProcessorBase.java:68) ~[artemis-commons-2.30.0.jar:?] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) [?:?] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) [?:?] at org.apache.activemq.artemis.utils.ActiveMQThreadFactory$1.run(ActiveMQThreadFactory.java:118) [artemis-commons-2.30.0.jar:?] Similar error happens when consuming from non-existing queue to which it has no permissinos to create. It is easy to reproduce in Artemis 2.28.0 - 2.30.0. I have created Artemis instance with following settings: artemis create --user admin --password admin --require-login path/to/artemis-instance-2.30.0 Then I have created (by editing manually artemis-users.properties and artemis-roles.properties, but you can use artemis user add command) user "test" with password "test" and role "test". I have used A utility (https://github.com/fmtn/a) to send a test message to non-existing test queue (to which test user has no permissions): a -b tcp://localhost:61616 -U test -P test -p "test" TEST (it uses OPENWIRE protocol by default). We have shared test instance of ActiveMQ Artemis 2.29.0 where lots of misconfigured clients cause such exceptions at several times per second, and I have found another exception which looks like previous (but caused by other client error and has NullPointerException): 2023-08-01 09:45:00,432 WARN [org.apache.activemq.artemis.core.protocol.openwire.OpenWireConnection] Errors occurred during the buffering operation java.lang.NullPointerException: null 2023-08-01 09:45:00,432 WARN [org.apache.activemq.artemis.core.protocol.openwire.OpenWireConnection] Errors occurred during the buffering operation java.lang.NullPointerException: null 2023-08-01 09:45:00,432 WARN [org.apache.activemq.artemis.core.protocol.openwire.OpenWireConnection] Errors occurred during the buffering operation javax.jms.IllegalStateException: Cannot add a consumer to a connection that had not been registered: ID:srv-12345-1111111111111-11:1 at org.apache.activemq.artemis.core.protocol.openwire.OpenWireConnection.addConsumer(OpenWireConnection.java:950) ~[artemis-openwire-protocol-2.29.0.jar:2.29.0] at org.apache.activemq.artemis.core.protocol.openwire.OpenWireConnection$CommandProcessor.processAddConsumer(OpenWireConnection.java:1253) ~[artemis-openwire-protocol-2.29.0.jar:2.29.0] at org.apache.activemq.command.ConsumerInfo.visit(ConsumerInfo.java:352) ~[activemq-client-5.17.2.jar:5.17.2] at org.apache.activemq.artemis.core.protocol.openwire.OpenWireConnection.act(OpenWireConnection.java:370) [artemis-openwire-protocol-2.29.0.jar:2.29.0] at org.apache.activemq.artemis.core.protocol.openwire.OpenWireConnection.bufferReceived(OpenWireConnection.java:313) [artemis-openwire-protocol-2.29.0.jar:2.29.0] at org.apache.activemq.artemis.core.remoting.server.impl.RemotingServiceImpl$DelegatingBufferHandler.bufferReceived(RemotingServiceImpl.java:698) [artemis-server-2.29.0.jar:2.29.0] at org.apache.activemq.artemis.core.remoting.impl.netty.ActiveMQChannelHandler.channelRead(ActiveMQChannelHandler.java:73) [artemis-core-client-2.29.0.jar:2.29.0] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442) [netty-transport-4.1.93.Final.jar:4.1.93.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [netty-transport-4.1.93.Final.jar:4.1.93.Final] at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) [netty-transport-4.1.93.Final.jar:4.1.93.Final] at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:346) [netty-codec-4.1.93.Final.jar:4.1.93.Final] at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:318) [netty-codec-4.1.93.Final.jar:4.1.93.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) [netty-transport-4.1.93.Final.jar:4.1.93.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [netty-transport-4.1.93.Final.jar:4.1.93.Final] at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) [netty-transport-4.1.93.Final.jar:4.1.93.Final] at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) [netty-transport-4.1.93.Final.jar:4.1.93.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440) [netty-transport-4.1.93.Final.jar:4.1.93.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [netty-transport-4.1.93.Final.jar:4.1.93.Final] at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) [netty-transport-4.1.93.Final.jar:4.1.93.Final] at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:800) [netty-transport-classes-epoll-4.1.93.Final.jar:4.1.93.Final] at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:499) [netty-transport-classes-epoll-4.1.93.Final.jar:4.1.93.Final] at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:397) [netty-transport-classes-epoll-4.1.93.Final.jar:4.1.93.Final] at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997) [netty-common-4.1.93.Final.jar:4.1.93.Final] at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [netty-common-4.1.93.Final.jar:4.1.93.Final] at org.apache.activemq.artemis.utils.ActiveMQThreadFactory$1.run(ActiveMQThreadFactory.java:118) [artemis-commons-2.29.0.jar:?] I did not try to reproduce this issue because it looks more complicated. Is it fine that lack of authorization or some other client error causes an exception? It happens only with OPENWIRE clients. -- Best regards, Aleksandr Milovidov ----------------------------------- This message and any attachment are confidential and may be privileged or otherwise protected from disclosure. If you are not the intended recipient any use, distribution, copying or disclosure is strictly prohibited. If you have received this message in error, please notify the sender immediately either by telephone or by e-mail and delete this message and any attachment from your system. Correspondence via e-mail is for information purposes only. AO Raiffeisenbank neither makes nor accepts legally binding statements by e-mail unless otherwise agreed. -----------------------------------