  1. AMQ Broker
  2. ENTMQBR-3841

AMQ 7.7 concurrent jolokia operations can incorrectly update artemis-roles.properties or artemis-users.properties


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: AMQ 7.7.0.GA
    • Fix Version/s: AMQ 7.8.0.CR1
    • Component/s: broker-core
    • Labels:
      None
    • Target Release:
    • Steps to Reproduce:

      Example test:

      #!/bin/bash
      for i in {1..5}
      do
        # remove myuser
        curl -k --user admin:admin -H "Origin: http://localhost:8161" "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/removeUser(java.lang.String)/myuser" &

        # create user 'myuser' with password 'mypassword'
        curl -k --user admin:admin -H "Origin: http://localhost:8161" "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/addUser(java.lang.String,java.lang.String,java.lang.String,boolean)/myuser/mypassword//false" &

        # add role 'myrole' to 'myuser'
        curl -k --user admin:admin -H "Origin: http://localhost:8161" "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/resetUser(java.lang.String,java.lang.String,java.lang.String)/myuser/mypassword/myrole" &

        # perform read operation as admin user, just to see if we can connect
        curl -k --user admin:admin -H "Origin: http://localhost:8161" "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/listNetworkTopology()" &
      done

      After executing the above script (multiple times if necessary), sometimes the following logs will be encountered in the broker (note that the test does not remove/add admin):

      2020-09-01 14:35:28,398 WARN [io.hawt.system.Authenticator] Login failed due to: User does not exist: admin

      Examination, in this case, of artemis-roles.properties shows:

      $ cat etc/artemis-roles.properties | grep -v '#'
      amq = admin
       = myuser
      

      But there are multiple variants that may occur.  The in-memory user data is likely affected as well, since the admin user is no longer able to authenticate at all.

       

       

    • Release Notes Text:
      Previously, if multiple, concurrent Jolokia operations that manipulated users and roles or permissions took place on the broker, the broker might incorrectly update or remove some data in the `artemis-roles.properties` or `artemis-users.properties` configuration files. This issue is now resolved.
    • Release Notes Docs Status:
      Documented as Resolved Issue
    • Verified:
      Verified in a release

      Description

      Multi-threaded Jolokia operations that manipulate the users and roles/permissions in Artemis can cause some data to be incorrectly updated or erroneously removed.
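
One way to detect the file state shown in the steps to reproduce (a role line with an empty role name, and `admin` no longer defined), as an added example that is not code from this issue or from the broker. It assumes the `role = user1,user2` layout visible in the `artemis-roles.properties` output above and a `user = password` layout for `artemis-users.properties`; the function names and sample data are constructed.

```python
# Added example: integrity check for the two property files named in this issue.
# Assumed formats: users file "user = password", roles file "role = user1,user2".

def parse_properties(text):
    """Return (line_no, key, value) per non-comment line; value is None without '='."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        entries.append((line_no, key.strip(), value.strip() if sep else None))
    return entries

def check_broker_files(users_text, roles_text, required_users=("admin",)):
    """List inconsistencies between the users file and the roles file."""
    findings, users, assigned = [], set(), set()
    for n, user, value in parse_properties(users_text):
        if user and value:
            users.add(user)
        else:
            findings.append(f"users:{n}: malformed entry")
    for n, role, value in parse_properties(roles_text):
        members = [m.strip() for m in (value or "").split(",") if m.strip()]
        if not role:
            findings.append(f"roles:{n}: empty role name (members: {','.join(members) or 'none'})")
            continue
        if not members:
            findings.append(f"roles:{n}: role '{role}' has no members")
        for m in members:
            assigned.add(m)
            if m not in users:
                findings.append(f"roles:{n}: role '{role}' references unknown user '{m}'")
    for u in required_users:
        if u not in users:
            findings.append(f"users: required user '{u}' is missing")
    for u in sorted(users - assigned):
        findings.append(f"users: '{u}' has no valid role")
    return findings

# Constructed samples: the roles text mirrors the output shown in this issue,
# the users text is an assumed matching state in which 'admin' has been dropped.
SAMPLE_USERS = "# constructed sample\nmyuser = mypassword\n"
SAMPLE_ROLES = "# constructed sample\namq = admin\n = myuser\n"

if __name__ == "__main__":
    for finding in check_broker_files(SAMPLE_USERS, SAMPLE_ROLES):
        print(finding)
```

Running a check like this against `etc/` after any batch of user or role management calls on an affected version gives an early signal before the next login attempt fails.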

              People

              Assignee:
              jbertram Justin Bertram
              Reporter:
              rhn-support-shiggs Stephen Higgs
              Tester:
              Oleg Sushchenko Oleg Sushchenko