This is an automated email from the ASF dual-hosted git repository.

clebertsuconic pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git


The following commit(s) were added to refs/heads/master by this push:
     new e533bf8  ARTEMIS-2344 return security errors for unauthorized 
anonymous sasl
     new c9a7bbc  This closes #2671
e533bf8 is described below

commit e533bf876e43059eb5f52ed81117a6012c76addb
Author: brusdev <bruscin...@gmail.com>
AuthorDate: Thu May 16 15:14:07 2019 +0200

    ARTEMIS-2344 return security errors for unauthorized anonymous sasl
    
    When a user attempts an unauthorized anonymous SASL connection, the
    broker can return an error of 'failed' instead of the security error
    that is expected in these cases.
---
 .../protocol/amqp/proton/AMQPSessionContext.java   |  3 +++
 .../amqp/proton/handler/ProtonHandler.java         |  8 ++++++++
 .../amqp/JMSConnectionWithSecurityTest.java        | 22 ++++++++++++++++++++++
 3 files changed, 33 insertions(+)

diff --git 
a/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/proton/AMQPSessionContext.java
 
b/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/proton/AMQPSessionContext.java
index c8bb13e..e57acec 100644
--- 
a/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/proton/AMQPSessionContext.java
+++ 
b/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/proton/AMQPSessionContext.java
@@ -21,6 +21,7 @@ import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 
+import org.apache.activemq.artemis.api.core.ActiveMQSecurityException;
 import org.apache.activemq.artemis.core.server.ServerProducer;
 import org.apache.activemq.artemis.core.server.impl.ServerProducerImpl;
 import org.apache.activemq.artemis.protocol.amqp.broker.AMQPSessionCallback;
@@ -69,6 +70,8 @@ public class AMQPSessionContext extends ProtonInitializable {
          if (sessionSPI != null) {
             try {
                sessionSPI.init(this, connection.getSASLResult());
+            } catch (ActiveMQSecurityException e) {
+               throw e;
             } catch (Exception e) {
                throw new ActiveMQAMQPInternalErrorException(e.getMessage(), e);
             }
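Review bot: The bare rethrow in `catch (ActiveMQSecurityException e) { throw e; }` carries no comment explaining why it must precede the generic handler, so a later cleanup could fold it back into `catch (Exception e)` and restore the internal-error wrapping. A one-line comment above the `throw` would pin the intent, for example `// keep the security type so ProtonHandler reports amqp:unauthorized-access, not an internal error`. Other call sites that wrap exceptions in `ActiveMQAMQPInternalErrorException` may need the same treatment, but none are visible here. The enclosing method starts and ends outside the hunk.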
diff --git 
a/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/proton/handler/ProtonHandler.java
 
b/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/proton/handler/ProtonHandler.java
index a4b2131..00dfd00 100644
--- 
a/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/proton/handler/ProtonHandler.java
+++ 
b/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/proton/handler/ProtonHandler.java
@@ -27,6 +27,7 @@ import java.util.concurrent.TimeUnit;
 import io.netty.buffer.ByteBuf;
 import io.netty.buffer.PooledByteBufAllocator;
 import io.netty.channel.EventLoop;
+import org.apache.activemq.artemis.api.core.ActiveMQSecurityException;
 import org.apache.activemq.artemis.protocol.amqp.proton.AMQPConnectionContext;
 import org.apache.activemq.artemis.protocol.amqp.proton.ProtonInitializable;
 import org.apache.activemq.artemis.protocol.amqp.sasl.ClientSASL;
@@ -482,6 +483,13 @@ public class ProtonHandler extends ProtonInitializable 
implements SaslListener {
                }
                try {
                   Events.dispatch(ev, h);
+               } catch (ActiveMQSecurityException e) {
+                  log.warn(e.getMessage(), e);
+                  ErrorCondition error = new ErrorCondition();
+                  error.setCondition(AmqpError.UNAUTHORIZED_ACCESS);
+                  error.setDescription(e.getMessage() == null ? 
e.getClass().getSimpleName() : e.getMessage());
+                  connection.setCondition(error);
+                  connection.close();
                } catch (Exception e) {
                   log.warn(e.getMessage(), e);
                   ErrorCondition error = new ErrorCondition();
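Review bot: The description sent to the peer in the new `ActiveMQSecurityException` branch is the raw exception message, and the peer at this point has just failed authorization. If that message carries a user name, remote address or internal code (not visible in this hunk), it is handed to whoever opened the connection; a fixed text such as `error.setDescription("Unauthorized");` would keep the detail in the broker log only. `log.warn(e.getMessage(), e)` also writes a full stack trace for every rejected attempt, which an unauthenticated client can trigger repeatedly, so logging the message at warn and the trace at debug would bound the log volume. The branch otherwise duplicates the generic handler below it, whose body continues outside the hunk.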
diff --git 
a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/JMSConnectionWithSecurityTest.java
 
b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/JMSConnectionWithSecurityTest.java
index 3bc2354..7199efc 100644
--- 
a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/JMSConnectionWithSecurityTest.java
+++ 
b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/JMSConnectionWithSecurityTest.java
@@ -27,8 +27,11 @@ import javax.jms.Session;
 import javax.jms.TextMessage;
 
 import org.apache.activemq.artemis.tests.integration.IntegrationTestLogger;
+import org.apache.qpid.jms.JmsConnectionFactory;
 import org.junit.Test;
 
+import java.net.URI;
+
 public class JMSConnectionWithSecurityTest extends JMSClientTestSupport {
 
    @Override
@@ -58,6 +61,25 @@ public class JMSConnectionWithSecurityTest extends 
JMSClientTestSupport {
    }
 
    @Test(timeout = 10000)
+   public void testNoUserOrPasswordWithoutSaslRestrictions() throws Exception {
+      Connection connection = null;
+      JmsConnectionFactory factory = new JmsConnectionFactory(new 
URI("amqp://localhost:" + AMQP_PORT));
+      try {
+         connection = factory.createConnection();
+         connection.start();
+         fail("Expected Exception");
+      } catch (JMSSecurityException ex) {
+         IntegrationTestLogger.LOGGER.debug("Failed to authenticate connection 
with no user / password.");
+      } catch (Exception ex) {
+         fail("Expected JMSSecurityException");
+      } finally {
+         if (connection != null) {
+            connection.close();
+         }
+      }
+   }
+
+   @Test(timeout = 10000)
    public void testUnknownUser() throws Exception {
       Connection connection = null;
       try {
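Review bot: The `catch (Exception ex)` branch in `testNoUserOrPasswordWithoutSaslRestrictions` replaces whatever was thrown with `fail("Expected JMSSecurityException")`, so a regression in the rejection path reports neither the actual exception type nor its stack trace. The method already declares `throws Exception`, so the branch can simply be dropped and an unexpected exception will fail the test with its cause intact; if it stays, `fail("Expected JMSSecurityException but got " + ex);` at least names it. Since this is the only visible coverage for rejecting an anonymous connection, the diagnostic matters. The hunk ends inside `testUnknownUser`, which is unchanged context.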
