This is an automated email from the ASF dual-hosted git repository. clebertsuconic pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git
The following commit(s) were added to refs/heads/master by this push: new e533bf8 ARTEMIS-2344 return security errors for unauthorized anonymous sasl new c9a7bbc This closes #2671 e533bf8 is described below commit e533bf876e43059eb5f52ed81117a6012c76addb Author: brusdev <bruscin...@gmail.com> AuthorDate: Thu May 16 15:14:07 2019 +0200 ARTEMIS-2344 return security errors for unauthorized anonymous sasl When user attempts unauthorized anonymous sasl the broker can return an error of 'failed' instead of the security error that is expected in these cases.
---
 .../protocol/amqp/proton/AMQPSessionContext.java | 3 +++
 .../amqp/proton/handler/ProtonHandler.java | 8 ++++++++
 .../amqp/JMSConnectionWithSecurityTest.java | 22 ++++++++++++++++++++++
 3 files changed, 33 insertions(+)
diff --git a/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/proton/AMQPSessionContext.java b/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/proton/AMQPSessionContext.java
index c8bb13e..e57acec 100644
--- a/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/proton/AMQPSessionContext.java
+++ b/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/proton/AMQPSessionContext.java
@@ -21,6 +21,7 @@ import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
+import org.apache.activemq.artemis.api.core.ActiveMQSecurityException;
 import org.apache.activemq.artemis.core.server.ServerProducer;
 import org.apache.activemq.artemis.core.server.impl.ServerProducerImpl;
 import org.apache.activemq.artemis.protocol.amqp.broker.AMQPSessionCallback;
@@ -69,6 +70,8 @@ public class AMQPSessionContext extends ProtonInitializable {
 if (sessionSPI != null) {
 try {
 sessionSPI.init(this, connection.getSASLResult());
+ } catch (ActiveMQSecurityException e) {
+ throw e;
 } catch (Exception e) {
 throw new ActiveMQAMQPInternalErrorException(e.getMessage(), e);
 }
diff --git a/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/proton/handler/ProtonHandler.java b/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/proton/handler/ProtonHandler.java
index a4b2131..00dfd00 100644
--- a/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/proton/handler/ProtonHandler.java
+++ b/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/proton/handler/ProtonHandler.java
@@ -27,6 +27,7 @@ import java.util.concurrent.TimeUnit;
 import io.netty.buffer.ByteBuf;
 import io.netty.buffer.PooledByteBufAllocator;
 import io.netty.channel.EventLoop;
+import org.apache.activemq.artemis.api.core.ActiveMQSecurityException;
 import org.apache.activemq.artemis.protocol.amqp.proton.AMQPConnectionContext;
 import org.apache.activemq.artemis.protocol.amqp.proton.ProtonInitializable;
 import org.apache.activemq.artemis.protocol.amqp.sasl.ClientSASL;
@@ -482,6 +483,13 @@ public class ProtonHandler extends ProtonInitializable implements SaslListener {
 }
 try {
 Events.dispatch(ev, h);
+ } catch (ActiveMQSecurityException e) {
+ log.warn(e.getMessage(), e);
+ ErrorCondition error = new ErrorCondition();
+ error.setCondition(AmqpError.UNAUTHORIZED_ACCESS);
+ error.setDescription(e.getMessage() == null ? e.getClass().getSimpleName() : e.getMessage());
+ connection.setCondition(error);
+ connection.close();
 } catch (Exception e) {
 log.warn(e.getMessage(), e);
 ErrorCondition error = new ErrorCondition();
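Review bot: The bare `throw e;` added under `catch (ActiveMQSecurityException e)` in AMQPSessionContext (hunk at -69,6) needs a comment, because it reads like a no-op and a later cleanup could remove it. The catch order is what keeps a security failure from being wrapped in `ActiveMQAMQPInternalErrorException` by the branch below. I would add `// Rethrow unwrapped: ProtonHandler maps ActiveMQSecurityException to AmqpError.UNAUTHORIZED_ACCESS; wrapping it here would report an internal error to the client.` above the throw. The enclosing method starts and ends outside the hunk, so whether its `throws` clause already admits this exception type cannot be checked from here.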
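Review bot: The new `catch (ActiveMQSecurityException e)` branch in ProtonHandler (hunk at -482,6) calls `log.warn(e.getMessage(), e)`, which writes a full stack trace for every rejected connection, and an unauthenticated peer can trigger that as often as it likes. Logging the message at warn and the trace at debug keeps the audit record without the volume: `log.warn(e.getMessage());` followed by `log.debug(e.getMessage(), e);`, assuming this logger has the single-argument overload. The same branch copies `e.getMessage()` into the `ErrorCondition` description sent back to that peer, so it is worth confirming that the broker's security messages hold nothing beyond what the client itself supplied. The enclosing method begins before the hunk and the generic `catch (Exception e)` continues past its end.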
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/JMSConnectionWithSecurityTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/JMSConnectionWithSecurityTest.java
index 3bc2354..7199efc 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/JMSConnectionWithSecurityTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/JMSConnectionWithSecurityTest.java
@@ -27,8 +27,11 @@ import javax.jms.Session;
 import javax.jms.TextMessage;
 import org.apache.activemq.artemis.tests.integration.IntegrationTestLogger;
+import org.apache.qpid.jms.JmsConnectionFactory;
 import org.junit.Test;
+import java.net.URI;
+
 public class JMSConnectionWithSecurityTest extends JMSClientTestSupport {
 @Override
@@ -58,6 +61,25 @@ public class JMSConnectionWithSecurityTest extends JMSClientTestSupport {
 }
 @Test(timeout = 10000)
+ public void testNoUserOrPasswordWithoutSaslRestrictions() throws Exception {
+ Connection connection = null;
+ JmsConnectionFactory factory = new JmsConnectionFactory(new URI("amqp://localhost:" + AMQP_PORT));
+ try {
+ connection = factory.createConnection();
+ connection.start();
+ fail("Expected Exception");
+ } catch (JMSSecurityException ex) {
+ IntegrationTestLogger.LOGGER.debug("Failed to authenticate connection with no user / password.");
+ } catch (Exception ex) {
+ fail("Expected JMSSecurityException");
+ } finally {
+ if (connection != null) {
+ connection.close();
+ }
+ }
+ }
+
+ @Test(timeout = 10000)
 public void testUnknownUser() throws Exception {
 Connection connection = null;
 try {
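Review bot: In `testNoUserOrPasswordWithoutSaslRestrictions`, the `catch (Exception ex)` branch calls `fail("Expected JMSSecurityException")` and drops `ex`, so a regression to the old 'failed' error would give no hint of what the client actually received. Including the exception, `fail("Expected JMSSecurityException but got: " + ex);`, or removing the branch so the declared `throws Exception` surfaces the original stack trace, makes the failure diagnosable. The test also checks only the exception type. If the intent is to pin the unauthorized-access condition, an assertion on the exception's message or error code would do that, though what the client exposes there is not visible in this hunk.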