This is an automated email from the ASF dual-hosted git repository.
jbertram pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git
The following commit(s) were added to refs/heads/main by this push:
new 2216a75a57 ARTEMIS-5346 check routing-type when creating queue
2216a75a57 is described below
commit 2216a75a57f098295abb283d556c8b8bda91324d
Author: Justin Bertram <[email protected]>
AuthorDate: Tue Jan 7 16:40:53 2025 -0600
ARTEMIS-5346 check routing-type when creating queue
---
.../core/server/impl/ServerSessionImpl.java | 2 +-
.../tests/integration/security/SecurityTest.java | 117 +++++++++++++++++++++
2 files changed, 118 insertions(+), 1 deletion(-)
diff --git
a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java
b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java
index 46b29a6519..3c071da721 100644
---
a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java
+++
b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java
@@ -753,7 +753,7 @@ public class ServerSessionImpl implements ServerSession,
FailureListener {
AddressSettings as =
server.getAddressSettingsRepository().getMatch(queueConfiguration.getAddress().toString());
- if (as.isAutoCreateAddresses() &&
server.getAddressInfo(queueConfiguration.getAddress()) == null) {
+ if (as.isAutoCreateAddresses() &&
(server.getAddressInfo(queueConfiguration.getAddress()) == null ||
!server.getAddressInfo(queueConfiguration.getAddress()).getRoutingTypes().contains(queueConfiguration.getRoutingType())))
{
securityCheck(queueConfiguration.getAddress(),
queueConfiguration.getName(), CheckType.CREATE_ADDRESS, this);
}
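Review bot: The new condition calls `server.getAddressInfo(queueConfiguration.getAddress())` twice, so the null test and the `getRoutingTypes()` dereference can see different results if the address is removed concurrently. That would surface as a NullPointerException in the code that decides whether CREATE_ADDRESS is enforced. Reading it once ties the authorization decision to a single snapshot: `AddressInfo info = server.getAddressInfo(queueConfiguration.getAddress());` followed by `if (as.isAutoCreateAddresses() && (info == null || !info.getRoutingTypes().contains(queueConfiguration.getRoutingType()))) {`. If `getRoutingType()` can still be null at this point (not visible in the hunk), `contains(null)` is false and the check fires; that fails closed, but it deserves a one-line comment. The enclosing method starts and ends outside the hunk.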
diff --git
a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
index 9ef3fde5ff..1a78bc1623 100644
---
a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
+++
b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java
@@ -646,6 +646,123 @@ public class SecurityTest extends ActiveMQTestBase {
}
}
+ @Test
+ public void
testJAASSecurityManagerCreateQueueWithDifferentRoutingTypeAsAddressNegative()
throws Exception {
+ final SimpleString ADDRESS = SimpleString.of("address");
+ final SimpleString DURABLE_QUEUE = SimpleString.of("durableQueue");
+ final SimpleString NON_DURABLE_QUEUE =
SimpleString.of("nonDurableQueue");
+ final SimpleString JMS = SimpleString.of("jms");
+
+ ActiveMQJAASSecurityManager securityManager = new
ActiveMQJAASSecurityManager("PropertiesLogin");
+ ActiveMQServer server =
addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true),
ManagementFactory.getPlatformMBeanServer(), securityManager, false));
+ Set<Role> roles = new HashSet<>();
+ roles.add(new Role("programmers", false, false, true, false, true,
false, false, false, false, false, false, false));
+ server.getConfiguration().putSecurityRoles("#", roles);
+ server.start();
+ server.addAddressInfo(new AddressInfo(ADDRESS, RoutingType.ANYCAST));
+ server.addAddressInfo(new AddressInfo(JMS, RoutingType.ANYCAST));
+
+ ClientSessionFactory cf = createSessionFactory(locator);
+ ClientSession session = addClientSession(cf.createSession("first",
"secret", false, true, true, false, 0));
+
+ ConnectionFactory connectionFactory = new
ActiveMQConnectionFactory("vm://0");
+
+ // Explicit attempt to modify address routing type with a durable queue
+ try {
+
session.createQueue(QueueConfiguration.of(DURABLE_QUEUE).setAddress(ADDRESS).setRoutingType(RoutingType.MULTICAST));
+ fail("should throw exception here");
+ } catch (ActiveMQException e) {
+ assertTrue(e.getMessage().contains("User: first"));
+ assertTrue(e.getMessage().contains("does not have
permission='CREATE_ADDRESS' for queue durableQueue on address address"));
+ }
+
+ // Implicit attempt to modify address routing type with a durable queue
using auto-create via JMS
+ try (Connection c = connectionFactory.createConnection("first",
"secret")) {
+ c.setClientID("myClientID");
+ Session s = c.createSession();
+ s.createDurableSubscriber(s.createTopic(JMS.toString()), "foo");
+ fail("should throw exception here");
+ } catch (JMSException e) {
+ assertTrue(e.getMessage().contains("User: first"));
+ assertTrue(e.getMessage().contains("does not have
permission='CREATE_ADDRESS' for queue myClientID.foo on address jms"));
+ }
+
+ // Explicit attempt to modify address routing type with a non-durable
queue
+ try {
+
session.createQueue(QueueConfiguration.of(NON_DURABLE_QUEUE).setAddress(ADDRESS).setDurable(false).setRoutingType(RoutingType.MULTICAST));
+ fail("should throw exception here");
+ } catch (ActiveMQException e) {
+ assertTrue(e.getMessage().contains("User: first"));
+ assertTrue(e.getMessage().contains("does not have
permission='CREATE_ADDRESS' for queue nonDurableQueue on address address"));
+ }
+
+ // Implicit attempt to modify address routing type with a non-durable
queue using auto-create via JMS
+ try (Connection c = connectionFactory.createConnection("first",
"secret")) {
+ Session s = c.createSession();
+ s.createConsumer(s.createTopic(JMS.toString()));
+ fail("should throw exception here");
+ } catch (JMSException e) {
+ assertTrue(e.getMessage().contains("User: first"));
+ assertTrue(e.getMessage().contains("does not have
permission='CREATE_ADDRESS'"));
+ }
+ }
+
+ @Test
+ public void
testJAASSecurityManagerCreateQueueWithDifferentRoutingTypeAsAddress() throws
Exception {
+ final SimpleString ADDRESS = SimpleString.of("address");
+ final SimpleString DURABLE_QUEUE = SimpleString.of("durableQueue");
+ final SimpleString NON_DURABLE_QUEUE =
SimpleString.of("nonDurableQueue");
+ final SimpleString JMS = SimpleString.of("jms");
+
+ ActiveMQJAASSecurityManager securityManager = new
ActiveMQJAASSecurityManager("PropertiesLogin");
+ ActiveMQServer server =
addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true),
ManagementFactory.getPlatformMBeanServer(), securityManager, false));
+ Set<Role> roles = new HashSet<>();
+ roles.add(new Role("programmers", false, true, true, false, true, false,
false, false, true, false, false, false));
+ server.getConfiguration().putSecurityRoles("#", roles);
+ server.start();
+ server.addAddressInfo(new AddressInfo(ADDRESS, RoutingType.ANYCAST));
+
+ ClientSessionFactory cf = createSessionFactory(locator);
+ ClientSession session = addClientSession(cf.createSession("first",
"secret", false, true, true, false, 0));
+
+ ConnectionFactory connectionFactory = new
ActiveMQConnectionFactory("vm://0");
+
+ // Explicit attempt to modify address routing type with a durable queue
+ try {
+
session.createQueue(QueueConfiguration.of(DURABLE_QUEUE).setAddress(ADDRESS).setRoutingType(RoutingType.MULTICAST));
+ } catch (ActiveMQException e) {
+ e.printStackTrace();
+ fail("should not throw exception here");
+ }
+
+ // Implicit attempt to modify address routing type with a durable queue
using auto-create via JMS
+ try (Connection c = connectionFactory.createConnection("first",
"secret")) {
+ c.setClientID("myClientID");
+ Session s = c.createSession();
+ s.createDurableSubscriber(s.createTopic(JMS.toString()), "foo");
+ } catch (JMSException e) {
+ e.printStackTrace();
+ fail("should not throw exception here");
+ }
+
+ // Explicit attempt to modify address routing type with a non-durable
queue
+ try {
+
session.createQueue(QueueConfiguration.of(NON_DURABLE_QUEUE).setAddress(ADDRESS).setDurable(false).setRoutingType(RoutingType.MULTICAST));
+ } catch (ActiveMQException e) {
+ e.printStackTrace();
+ fail("should not throw exception here");
+ }
+
+ // Implicit attempt to modify address routing type with a non-durable
queue using auto-create via JMS
+ try (Connection c = connectionFactory.createConnection("first",
"secret")) {
+ Session s = c.createSession();
+ s.createConsumer(s.createTopic(JMS.toString()));
+ } catch (JMSException e) {
+ e.printStackTrace();
+ fail("should not throw exception here");
+ }
+ }
+
@Test
// this is for backwards compatibility with the pre-FQQN syntax from
ARTEMIS-592
public void
testJAASSecurityManagerAuthorizationSameAddressDifferentQueuesDotSyntax()
throws Exception {
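Review bot: In `testJAASSecurityManagerCreateQueueWithDifferentRoutingTypeAsAddress` only `ADDRESS` is pre-created, so the two JMS blocks exercise creation of a new `jms` address rather than a routing-type change on an existing ANYCAST one; the negative test adds both addresses. Adding `server.addAddressInfo(new AddressInfo(JMS, RoutingType.ANYCAST));` after the `ADDRESS` line would make the positive JMS cases cover the branch this commit changes and match their comments. The positive test would also be stronger if it asserted the address's routing types after each call, not just that no exception was thrown. The `catch` / `e.printStackTrace()` / `fail(...)` blocks can be dropped because the method already declares `throws Exception`.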