Uploaded image for project: 'A-MQ Broker'
  1. A-MQ Broker
  2. ENTMQBR-3841

AMQ 7.7 concurrent jolokia operations can incorrectly update artemis-roles.properties or artemis-users.properties

    Details

    • Type: Bug
    • Status: Done
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: AMQ 7.7.0.GA
    • Fix Version/s: AMQ 7.8.0.CR1
    • Component/s: broker-core
    • Labels:
      None
    • Target Release:
    • Steps to Reproduce:
      Hide

      Example test:

      #!/bin/bash
      for i in {1..5}
      do
      
              # remove myuser
              curl -k --user admin:admin -H "Origin: http://localhost:8161" "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/removeUser(java.lang.String)/myuser" &      
        
              # create user 'myuser' with password 'mypassword'
              curl -k --user admin:admin -H "Origin: http://localhost:8161" "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/addUser(java.lang.String,java.lang.String,java.lang.String,boolean)/myuser/mypassword//false" & 
             
              # add role 'myrole' to 'myuser'
              curl -k --user admin:admin -H "Origin: http://localhost:8161" "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/resetUser(java.lang.String,java.lang.String,java.lang.String)/myuser/mypassword/myrole" &       
      
              # perform read operation as admin user, just to see if we can connect
              curl -k --user admin:admin -H "Origin: http://localhost:8161" "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/listNetworkTopology()" &
      done
      
      

      After executing the above script (multiple times if necessary), sometimes the following logs will be encountered in the broker (note that the test does not remove/add admin):

      2020-09-01 14:35:28,398 WARN [io.hawt.system.Authenticator] Login failed due to: User does not exist: admin

      Examination, in this case, of artemis-roles.properties shows:

      $ cat etc/artemis-roles.properties | grep -v '#'
      amq = admin
       = myuser
      

      But there are multiple variants that may occur.  The in-memory user data is likely affected as well, since the admin user is no longer able to authenticate at all.

       

       

      Show
      Example test: #!/bin/bash for i in {1..5} do # remove myuser curl -k --user admin:admin -H "Origin: http: //localhost:8161" "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/removeUser(java.lang. String )/myuser" & # create user 'myuser' with password 'mypassword' curl -k --user admin:admin -H "Origin: http: //localhost:8161" "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/addUser(java.lang. String ,java.lang. String ,java.lang. String , boolean )/myuser/mypassword// false " & # add role 'myrole' to 'myuser' curl -k --user admin:admin -H "Origin: http: //localhost:8161" "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/resetUser(java.lang. String ,java.lang. String ,java.lang. String )/myuser/mypassword/myrole" & # perform read operation as admin user, just to see if we can connect curl -k --user admin:admin -H "Origin: http: //localhost:8161" "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/listNetworkTopology()" & done After executing the above script (multiple times if necessary), sometimes the following logs will be encountered in the broker (note that the test does not remove/add admin): 2020-09-01 14:35:28,398 WARN [io.hawt.system.Authenticator] Login failed due to: User does not exist: admin Examination, in this case, of artemis-roles.properties shows: $ cat etc/artemis-roles.properties | grep -v '#' amq = admin = myuser But there are multiple variants that may occur.  The in-memory user data is likely affected as well, since the admin user is no longer able to authenticate at all.    
    • Release Notes Text:
      Hide
      Previously, if multiple, concurrent Jolokia operations that manipulated users and roles or permissions took place on the broker, the broker might incorrectly update or remove some data in the `artemis-roles.properties` or `artemis-users.properties` configuration files. This issue is now resolved.
      Show
      Previously, if multiple, concurrent Jolokia operations that manipulated users and roles or permissions took place on the broker, the broker might incorrectly update or remove some data in the `artemis-roles.properties` or `artemis-users.properties` configuration files. This issue is now resolved.
    • Release Notes Docs Status:
      Documented as Resolved Issue

      Description

      Multi-threaded jolokia operations for operations that manipulate the users and roles/permissions in Artemis can cause some data to be incorrectly updated or erroneously removed.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  jbertram Justin Bertram
                  Reporter:
                  rhn-support-shiggs Stephen Higgs
                  Tester:
                  Oleg Sushchenko
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  4 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: