  1. AMQ Broker
  2. ENTMQBR-3841

AMQ 7.7 concurrent jolokia operations can incorrectly update artemis-roles.properties or artemis-users.properties


Details

    • Bug
    • Resolution: Done
    • Major
    • AMQ 7.8.0.CR1
    • AMQ 7.7.0.GA
    • broker-core
    • None
    • Previously, if multiple, concurrent Jolokia operations that manipulated users and roles or permissions took place on the broker, the broker might incorrectly update or remove some data in the `artemis-roles.properties` or `artemis-users.properties` configuration files. This issue is now resolved.
    • Documented as Resolved Issue
    • Verified in a release

      Example test:

      #!/bin/bash
      for i in {1..5}
      do
              # remove myuser
              curl -k --user admin:admin -H "Origin: http://localhost:8161" "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/removeUser(java.lang.String)/myuser" &

              # create user 'myuser' with password 'mypassword'
              curl -k --user admin:admin -H "Origin: http://localhost:8161" "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/addUser(java.lang.String,java.lang.String,java.lang.String,boolean)/myuser/mypassword//false" &

              # add role 'myrole' to 'myuser'
              curl -k --user admin:admin -H "Origin: http://localhost:8161" "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/resetUser(java.lang.String,java.lang.String,java.lang.String)/myuser/mypassword/myrole" &

              # perform read operation as admin user, just to see if we can connect
              curl -k --user admin:admin -H "Origin: http://localhost:8161" "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/listNetworkTopology()" &
      done

      # wait for all background requests to finish before the script exits
      wait


      After executing the above script (multiple times if necessary), sometimes the following logs will be encountered in the broker (note that the test does not remove/add admin):

      2020-09-01 14:35:28,398 WARN [io.hawt.system.Authenticator] Login failed due to: User does not exist: admin

      Examination, in this case, of artemis-roles.properties shows:

      $ cat etc/artemis-roles.properties | grep -v '#'
      amq = admin
       = myuser
      

      But there are multiple variants that may occur.  The in-memory user data is likely affected as well, since the admin user is no longer able to authenticate at all.

       

       


    Description

      Multi-threaded Jolokia operations that manipulate the users and roles/permissions in Artemis can cause some data to be incorrectly updated or erroneously removed.
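
A consistency check for the two login files, useful for spotting the damaged state shown in the test notes above (a role line with an empty name, a role member that no longer exists as a user). This is an added example, not code from the issue or from the broker; the function name `check_artemis_props` and the contents of the sample users file are assumptions, and it relies only on the `user = password` / `role = user1,user2` layout of the two files.

```shell
# Usage: check_artemis_props <artemis-users.properties> <artemis-roles.properties>
# Prints one finding per line; exit status is 0 when clean, 1 otherwise.
check_artemis_props() {
    awk '
        function trim(s) { gsub(/^[ \t\r]+|[ \t\r]+$/, "", s); return s }
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        {   # split "key = value" on the first "=" and trim both parts
            eq = index($0, "=")
            if (eq == 0) { printf "%s:%d: no \"=\" separator\n", FILENAME, FNR; bad++; next }
            key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
        }
        FILENAME == ARGV[1] {                   # users file: user = password
            if (key == "") { printf "%s:%d: empty user name\n", FILENAME, FNR; bad++ }
            else users[key] = 1
            next
        }
        {                                       # roles file: role = user1,user2
            if (key == "") { printf "%s:%d: empty role name (members: %s)\n", FILENAME, FNR, val; bad++ }
            if (val == "") { printf "%s:%d: role \"%s\" has no members\n", FILENAME, FNR, key; bad++ }
            n = split(val, m, ",")
            for (i = 1; i <= n; i++) {
                u = trim(m[i])
                if (u != "" && !(u in users)) {
                    printf "%s:%d: role \"%s\" names unknown user \"%s\"\n", FILENAME, FNR, key, u; bad++
                }
            }
        }
        END { exit (bad > 0) }
    ' "$1" "$2"
}

# Constructed sample: the roles file is the one shown in the issue; the users
# file content is assumed (admin missing, matching the "User does not exist" log).
tmp=$(mktemp -d)
printf 'myuser = ENC(constructed)\n' > "$tmp/artemis-users.properties"
printf 'amq = admin\n = myuser\n'    > "$tmp/artemis-roles.properties"
check_artemis_props "$tmp/artemis-users.properties" "$tmp/artemis-roles.properties" \
    || echo "login files are inconsistent"
rm -rf "$tmp"
```

Running it against `etc/artemis-users.properties` and `etc/artemis-roles.properties` after each batch of management operations gives a quick pass/fail signal without waiting for a failed login to appear in the broker log.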

            People

              rhn-support-jbertram Justin Bertram
              rhn-support-shiggs Stephen Higgs
              Oleg Sushchenko Oleg Sushchenko