  1. AMQ Broker
  2. ENTMQBR-8379

RBAC doesn't work with FQQN.


      import org.apache.activemq.artemis.core.config.impl.ConfigurationImpl;
      import org.apache.activemq.artemis.core.config.impl.RoleSet;
      import org.apache.activemq.artemis.core.config.impl.SecurityConfiguration;
      import org.apache.activemq.artemis.core.security.Role;
      import org.apache.activemq.artemis.core.server.embedded.EmbeddedActiveMQ;
      import org.apache.activemq.artemis.jms.client.ActiveMQConnectionFactory;
      import org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager;
      import org.apache.activemq.artemis.spi.core.security.jaas.InVMLoginModule;
      import org.junit.jupiter.api.BeforeAll;
      import org.junit.jupiter.api.Test;
      import javax.jms.Connection;
      import javax.jms.Destination;
      import javax.jms.MessageProducer;
      import javax.jms.Session;
      
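      /**
       * Reproducer for ENTMQBR-8379: a security setting matched on a fully qualified
       * queue name (FQQN, {@code address::queue}) is not honoured.
       *
       * <p>The broker is configured with two matches for the same role {@code test}:
       * {@code foo::q1} with every flag enabled, and {@code foo} with the first two
       * flags disabled. The test sends to {@code foo::q1} as a user holding role
       * {@code test}. Expected: the send is authorised by the {@code foo::q1} match.
       * Reported: {@code JMSSecurityException AMQ229032 ... permission='SEND' on address foo},
       * i.e. the decision is taken against the address-level match.
       */
      public class AMQUnitTest {
          /**
           * Starts an embedded broker with security enabled and the two competing
           * security matches described on the class.
           *
           * <p>NOTE(review): the broker started here is never stopped, so the acceptor
           * stays bound to port 61616 for the life of the JVM; an {@code @AfterAll}
           * hook calling {@code stop()} on a retained instance would release it.
           *
           * @throws Exception if the broker fails to start
           */
          @BeforeAll
          public static void setup() throws Exception {
              EmbeddedActiveMQ embeddedActiveMQ = new EmbeddedActiveMQ();
              ConfigurationImpl configuration = new ConfigurationImpl();

              // Queue-level (FQQN) match: role "test" with every permission flag set.
              RoleSet roles1 = new RoleSet();
              roles1.add(new Role("test",true,true,true,true,true,true,true,true,true,true));

              // Address-level match: same role, first two flags cleared. The reported
              // error (no 'SEND' on address foo) shows the first flag is send; the
              // second is presumably consume - confirm against the Role constructor
              // of the Artemis version in use.
              RoleSet roles2 = new RoleSet();
              roles2.add(new Role("test",false,false,true,true,true,true,true,true,true,true));

              configuration.addSecurityRole("foo::q1", roles1);
              configuration.addSecurityRole("foo", roles2);
              configuration.setSecurityEnabled(true);
              // The acceptor listens on localhost only, so the throwaway credentials
              // below are not reachable from other hosts.
              configuration.addAcceptorConfiguration("artemis","tcp://localhost:61616");
              // Presumably lifts the disk-usage limit so the send is not blocked on a
              // nearly full disk - confirm.
              configuration.setMaxDiskUsage(100);
              embeddedActiveMQ.setConfiguration(configuration);

              // JAAS security manager backed by the in-VM login module; the users and
              // roles come from the SecurityConfiguration set on it below.
              ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager(InVMLoginModule.class.getName());
              SecurityConfiguration securityConfiguration = new SecurityConfiguration();

              // User "test" (password "test") is given role "test".
              securityConfiguration.addUser("test","test");
              securityConfiguration.addRole("test","test");
              // Return value is unused; kept as in the original reproducer.
              securityConfiguration.getAppConfigurationEntry("activemq");
              securityManager.setConfiguration(securityConfiguration);
              embeddedActiveMQ.setSecurityManager(securityManager);
              embeddedActiveMQ.start();
          }

          /**
           * Sends one text message to {@code foo::q1} as user {@code test}.
           *
           * <p>The test has no explicit assertion: it passes when the send is
           * authorised and fails when the broker rejects it with an exception.
           * The connection and session are closed on both paths so a failing run
           * does not leave a client connection open against the broker.
           *
           * @throws Exception if connecting or sending fails, including the
           *     authorisation failure this reproducer is meant to expose
           */
          @Test
          public void sendMessage() throws Exception {
              ActiveMQConnectionFactory connectionFactory = new ActiveMQConnectionFactory();
              connectionFactory.setBrokerURL("tcp://localhost:61616");
              connectionFactory.setUser("test");
              connectionFactory.setPassword("test");
              // try-with-resources: closing the connection also releases the session
              // and producer created from it.
              try (Connection connection = connectionFactory.createConnection();
                   Session session = connection.createSession(false,Session.AUTO_ACKNOWLEDGE)) {
                  Destination destination = session.createQueue("foo::q1");
                  MessageProducer messageProducer = session.createProducer(destination);
                  messageProducer.send(session.createTextMessage("hi"));
              }
          }
      }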
      

      Security settings that are configured for a fully qualified queue name (FQQN, i.e. the address::queue combination) don't work.

      <security-setting match="foo::q1"> <permission type="send" roles="test"/> </security-setting>

      If a user with the role test tries to send to the FQQN queue (foo::q1), the broker throws the following error:

      javax.jms.JMSSecurityException: AMQ229032: User: test does not have permission='SEND' on address foo

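      Though there is a check for the queue in the code, the queue will always be null here, which is consistent with the error above naming only the address foo (the links below track the main branch, so the line numbers may have shifted since):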

      https://github.com/apache/activemq-artemis/blob/main/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java#L265

      https://github.com/apache/activemq-artemis/blob/main/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java#L237-L247

              rhn-support-jbertram Justin Bertram
              rhn-support-adongre Avinash Dongre
              Roman Vais Roman Vais (Inactive)