AMQ Broker: ENTMQBR-9337

Large messages are written to disk even if the send operation is rejected for missing SEND permission


      1. Create a broker with multiple roles and with the send permission restricted to one role. I used guest for the read-only role:

            <security-settings>
               <security-setting match="#">
                  <permission type="createNonDurableQueue" roles="amq,guest"/>
                  <permission type="deleteNonDurableQueue" roles="amq,guest"/>
                  <permission type="createDurableQueue" roles="amq,guest"/>
                  <permission type="deleteDurableQueue" roles="amq,guest"/>
                  <permission type="createAddress" roles="amq,guest"/>
                  <permission type="deleteAddress" roles="amq,guest"/>
                  <permission type="consume" roles="amq,guest"/>
                  <permission type="browse" roles="amq,guest"/>
                  <permission type="send" roles="amq"/>
                  <!-- we need this otherwise ./artemis data imp wouldn't work -->
                  <permission type="manage" roles="amq"/>
               </security-setting>
            </security-settings>
      

      2. Create a user with the "guest" role.
      3. Send large messages to the broker using the guest role.
      4. Examine the large-messages directory of the broker. Some large messages are written to the directory, despite the rejection of the send operation.


      If an AMQP client authenticates but tries to send large messages to a destination, the sender correctly receives an error:

      javax.jms.JMSSecurityException: AMQ119017: not authorized to create producer, AMQ229032: User: client2 does not have permission='SEND' on address TEST.Q.0 [condition = amqp:unauthorized-access]
      	at org.apache.qpid.jms.provider.exceptions.ProviderSecurityException.toJMSException(ProviderSecurityException.java:41)
      	at org.apache.qpid.jms.provider.exceptions.ProviderSecurityException.toJMSException(ProviderSecurityException.java:27)
      	at org.apache.qpid.jms.exceptions.JmsExceptionSupport.create(JmsExceptionSupport.java:80)
      	at org.apache.qpid.jms.exceptions.JmsExceptionSupport.create(JmsExceptionSupport.java:112)
      	at org.apache.qpid.jms.JmsConnection.createResource(JmsConnection.java:698)
      	at org.apache.qpid.jms.JmsMessageProducer.<init>(JmsMessageProducer.java:73)
      	at org.apache.qpid.jms.JmsSession.createProducer(JmsSession.java:676)
      	at org.fusebyexample.amqp.client.simple.ProducerThread.run(ProducerThread.java:226)
      Caused by: org.apache.qpid.jms.provider.exceptions.ProviderSecurityException: AMQ119017: not authorized to create producer, AMQ229032: User: client2 does not have permission='SEND' on address TEST.Q.0 [condition = amqp:unauthorized-access]
      	at org.apache.qpid.jms.provider.amqp.AmqpSupport.convertToNonFatalException(AmqpSupport.java:173)
      	at org.apache.qpid.jms.provider.amqp.builders.AmqpResourceBuilder.getOpenAbortExceptionFromRemote(AmqpResourceBuilder.java:305)
      	at org.apache.qpid.jms.provider.amqp.builders.AmqpResourceBuilder.handleClosed(AmqpResourceBuilder.java:191)
      	at org.apache.qpid.jms.provider.amqp.builders.AmqpResourceBuilder.processRemoteClose(AmqpResourceBuilder.java:132)
      	at org.apache.qpid.jms.provider.amqp.AmqpProvider.processUpdates(AmqpProvider.java:992)
      	at org.apache.qpid.jms.provider.amqp.AmqpProvider.onData(AmqpProvider.java:878)
      	at org.apache.qpid.jms.transports.netty.NettyTcpTransport$NettyTcpTransportHandler.channelRead0(NettyTcpTransport.java:548)
      	at org.apache.qpid.jms.transports.netty.NettyTcpTransport$NettyTcpTransportHandler.channelRead0(NettyTcpTransport.java:541)
      	at io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:99)
      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
      	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
      	at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1373)
      	at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1236)
      	at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1285)
      	at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:529)
      	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468)
      	at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290)
      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
      	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
      	at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
      	at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
      	at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:800)
      	at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:499)
      	at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:397)
      	at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
      	at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
      	at java.base/java.lang.Thread.run(Thread.java:840)
      

      and in the broker log:

       2024-08-08 12:25:44,740 WARN  [org.apache.activemq.artemis.protocol.amqp.broker.AMQPSessionCallback] AMQ229032: User: client2 does not have permission='SEND' on address TEST.Q.0
      org.apache.activemq.artemis.api.core.ActiveMQSecurityException: AMQ229032: User: client2 does not have permission='SEND' on address TEST.Q.0
      	at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.check(SecurityStoreImpl.java:318) ~[artemis-server-2.33.0.redhat-00013.jar:2.33.0.redhat-00013]
      	at org.apache.activemq.artemis.core.server.impl.ServerSessionImpl.securityCheck(ServerSessionImpl.java:517) ~[artemis-server-2.33.0.redhat-00013.jar:2.33.0.redhat-00013]
      	at org.apache.activemq.artemis.core.server.impl.ServerSessionImpl.doSend(ServerSessionImpl.java:2329) ~[artemis-server-2.33.0.redhat-00013.jar:2.33.0.redhat-00013]
      	at org.apache.activemq.artemis.core.server.impl.ServerSessionImpl.send(ServerSessionImpl.java:1962) ~[artemis-server-2.33.0.redhat-00013.jar:2.33.0.redhat-00013]
      	at org.apache.activemq.artemis.protocol.amqp.broker.AMQPSessionCallback.inSessionSend(AMQPSessionCallback.java:559) ~[artemis-amqp-protocol-2.33.0.redhat-00013.jar:2.33.0.redhat-00013]
      	at org.apache.activemq.artemis.protocol.amqp.broker.AMQPSessionCallback.lambda$serverSend$2(AMQPSessionCallback.java:518) ~[artemis-amqp-protocol-2.33.0.redhat-00013.jar:2.33.0.redhat-00013]
      	at org.apache.activemq.artemis.utils.actors.OrderedExecutor.doTask(OrderedExecutor.java:57) ~[artemis-commons-2.33.0.redhat-00013.jar:2.33.0.redhat-00013]
      	at org.apache.activemq.artemis.utils.actors.OrderedExecutor.doTask(OrderedExecutor.java:32) ~[artemis-commons-2.33.0.redhat-00013.jar:2.33.0.redhat-00013]
      	at org.apache.activemq.artemis.utils.actors.ProcessorBase.executePendingTasks(ProcessorBase.java:68) ~[artemis-commons-2.33.0.redhat-00013.jar:2.33.0.redhat-00013]
      	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) [?:?]
      	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) [?:?]
      	at org.apache.activemq.artemis.utils.ActiveMQThreadFactory$1.run(ActiveMQThreadFactory.java:118) [artemis-commons-2.33.0.redhat-00013.jar:2.33.0.redhat-00013]
      2024-08-08 12:25:47,627 INFO  [org.apache.activemq.artemis.protocol.amqp.logger] AMQ111002: 
      

      But an inspection of the large-messages directory reveals that large messages are still written to disk, even though the message count on the broker shows as 0 for the address / queue.
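The four reproduction steps and the directory inspection above can be turned into a repeatable check. The script below is an added example written for this page, not code from the AMQ Broker project or from the reporter. It snapshots the broker's large-messages directory before and after a batch of sends from the unprivileged user, parses the AMQ229032 warnings out of the broker log, and flags any `<id>.msg` files that appeared although the broker accounts for fewer messages (here zero). The message count is supplied by the operator (for example from `artemis queue stat` or the console); the file names, sizes and log lines inside `demo()` are constructed stand-ins for a real run, modelled on the log line quoted above.

```python
"""Added check: spot large-message files left on disk by sends the broker
rejected for a missing SEND permission (steps 3 and 4 of the reproduction)."""
import re
import tempfile
from pathlib import Path

# Shape of the broker log line quoted on the page for a rejected send.
REJECT_RE = re.compile(
    r"AMQ229032: User: (?P<user>\S+) does not have permission='SEND' "
    r"on address (?P<address>\S+)"
)


def parse_send_rejections(log_text):
    """Return (user, address) for every AMQ229032 SEND rejection in the log."""
    return [(m.group("user"), m.group("address"))
            for m in REJECT_RE.finditer(log_text)]


def snapshot_large_messages(directory):
    """Map each <id>.msg file in the large-messages directory to its size."""
    return {p.name: p.stat().st_size for p in Path(directory).glob("*.msg")}


def audit_large_messages(before, after, message_count, rejections):
    """Compare two directory snapshots taken around a test run.

    before/after:  results of snapshot_large_messages()
    message_count: messages the broker reports on the target address
                   (operator-supplied, e.g. from `artemis queue stat`);
                   0 when every send in the window was rejected
    rejections:    parse_send_rejections() output for the same window
    """
    new_files = sorted(set(after) - set(before))
    new_bytes = sum(after[name] for name in new_files)
    # Files beyond what the broker accounts for should not exist at all;
    # with message_count == 0 every new file is an orphan.
    orphans = max(0, len(new_files) - message_count)
    return {
        "new_files": new_files,
        "new_bytes": new_bytes,          # disk consumed by the rejected sends
        "message_count": message_count,
        "suspected_orphans": orphans,
        "rejected_senders": sorted(set(rejections)),
        "leak": orphans > 0 and bool(rejections),
    }


# Constructed sample (not a real capture): two rejections for the same user,
# patterned on the WARN line shown in the issue description.
SAMPLE_LOG = """\
2024-08-08 12:25:44,740 WARN  [org.apache.activemq.artemis.protocol.amqp.broker.AMQPSessionCallback] AMQ229032: User: client2 does not have permission='SEND' on address TEST.Q.0
2024-08-08 12:25:45,102 WARN  [org.apache.activemq.artemis.protocol.amqp.broker.AMQPSessionCallback] AMQ229032: User: client2 does not have permission='SEND' on address TEST.Q.0
"""


def demo():
    """Simulate a run: two 1 MiB .msg files appear while the broker rejects
    every send and reports 0 messages on the address."""
    with tempfile.TemporaryDirectory() as d:
        large_dir = Path(d)
        before = snapshot_large_messages(large_dir)
        for msg_id in (2147483650, 2147483655):   # hypothetical message IDs
            (large_dir / f"{msg_id}.msg").write_bytes(b"\0" * (1024 * 1024))
        after = snapshot_large_messages(large_dir)
        return audit_large_messages(before, after, 0,
                                    parse_send_rejections(SAMPLE_LOG))


if __name__ == "__main__":
    print(demo())
```

In a real run, take the `before` snapshot against the broker's actual large-messages directory, send from the guest user, read `message_count` for the address from the broker, and feed the relevant slice of artemis.log to `parse_send_rejections()`. A `leak` of `True` reproduces the issue; `new_bytes` shows how much disk a sender without SEND permission was still able to consume, which is the part worth watching when read-only roles are handed to untrusted clients.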

            rhn-support-tbish Tim Bish
            rhn-support-dhawkins Duane Hawkins