(activemq-artemis) branch main updated: ARTEMIS-4140 mismatched host header & authority w/Core over HTTP

Thu, 05 Jun 2025 05:42:20 -0700 

This is an automated email from the ASF dual-hosted git repository.

brusdev pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git


The following commit(s) were added to refs/heads/main by this push:
     new 3ce9c1b83d ARTEMIS-4140 mismatched host header & authority w/Core over 
HTTP
3ce9c1b83d is described below

commit 3ce9c1b83dc54e526fd2365592535aa4fd4d348a
Author: Justin Bertram <[email protected]>
AuthorDate: Fri May 23 15:08:39 2025 -0500

    ARTEMIS-4140 mismatched host header & authority w/Core over HTTP
---
 .../core/remoting/impl/netty/NettyConnector.java   |  4 +-
 .../tests/integration/http/HttpAuthorityTest.java  | 96 ++++++++++++++++++++++
 2 files changed, 98 insertions(+), 2 deletions(-)

diff --git 
a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java
 
b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java
index e0fc9be0c1..cb7ef817a4 100644
--- 
a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java
+++ 
b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java
@@ -1180,7 +1180,7 @@ public class NettyConnector extends AbstractConnector {
                }
             }
             FullHttpRequest httpRequest = new 
DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.POST, url, buf);
-            httpRequest.headers().add(HttpHeaderNames.HOST, 
NettyConnector.this.host);
+            httpRequest.headers().add(HttpHeaderNames.HOST, 
String.format("%s:%d", host, port));
             for (Map.Entry<String, String> header : headers.entrySet()) {
                httpRequest.headers().add(header.getKey(), header.getValue());
             }
@@ -1210,7 +1210,7 @@ public class NettyConnector extends AbstractConnector {
 
             if (!waitingGet && System.currentTimeMillis() > lastSendTime + 
httpMaxClientIdleTime) {
                FullHttpRequest httpRequest = new 
DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.GET, url);
-               httpRequest.headers().add(HttpHeaderNames.HOST, 
NettyConnector.this.host);
+               httpRequest.headers().add(HttpHeaderNames.HOST, 
String.format("%s:%d", host, port));
                for (Map.Entry<String, String> header : headers.entrySet()) {
                   httpRequest.headers().add(header.getKey(), 
header.getValue());
                }
diff --git 
a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/http/HttpAuthorityTest.java
 
b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/http/HttpAuthorityTest.java
new file mode 100644
index 0000000000..925ede3a77
--- /dev/null
+++ 
b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/http/HttpAuthorityTest.java
@@ -0,0 +1,96 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.artemis.tests.integration.http;
+
+import java.net.URI;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicBoolean;
+
+import io.netty.bootstrap.ServerBootstrap;
+import io.netty.channel.ChannelFuture;
+import io.netty.channel.ChannelHandlerContext;
+import io.netty.channel.ChannelInitializer;
+import io.netty.channel.EventLoopGroup;
+import io.netty.channel.SimpleChannelInboundHandler;
+import io.netty.channel.nio.NioEventLoopGroup;
+import io.netty.channel.socket.SocketChannel;
+import io.netty.channel.socket.nio.NioServerSocketChannel;
+import io.netty.handler.codec.http.DefaultFullHttpResponse;
+import io.netty.handler.codec.http.FullHttpRequest;
+import io.netty.handler.codec.http.HttpObjectAggregator;
+import io.netty.handler.codec.http.HttpResponseStatus;
+import io.netty.handler.codec.http.HttpServerCodec;
+import org.apache.activemq.artemis.api.core.client.ActiveMQClient;
+import org.apache.activemq.artemis.api.core.client.ClientSessionFactory;
+import org.apache.activemq.artemis.api.core.client.ServerLocator;
+import org.apache.activemq.artemis.tests.util.ActiveMQTestBase;
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+public class HttpAuthorityTest extends ActiveMQTestBase {
+
+   @Test
+   public void testHttpAuthority() throws Exception {
+      int port = 61616;
+      CountDownLatch requestTested = new CountDownLatch(1);
+      AtomicBoolean failed = new AtomicBoolean(false);
+      EventLoopGroup bossGroup = new NioEventLoopGroup();
+      EventLoopGroup workerGroup = new NioEventLoopGroup();
+      try {
+         ServerBootstrap bootstrap = new ServerBootstrap();
+         bootstrap.group(bossGroup, 
workerGroup).channel(NioServerSocketChannel.class).childHandler(new 
ChannelInitializer<SocketChannel>() {
+            @Override
+            public void initChannel(SocketChannel ch) {
+               ch.pipeline().addLast(new HttpServerCodec());
+               ch.pipeline().addLast(new HttpObjectAggregator(1024 * 1024));
+               ch.pipeline().addLast(new 
SimpleChannelInboundHandler<FullHttpRequest>() {
+                  @Override
+                  protected void channelRead0(ChannelHandlerContext ctx, 
FullHttpRequest req) {
+                     if (failed.get()) {
+                        return;
+                     }
+
+                     try {
+                        failed.set(!new 
URI(req.uri()).getAuthority().equals(req.headers().get("host")));
+                     } catch (Exception e) {
+                        failed.set(true);
+                     }
+                     requestTested.countDown();
+
+                     ctx.writeAndFlush(new 
DefaultFullHttpResponse(req.protocolVersion(), HttpResponseStatus.OK));
+                  }
+               });
+            }
+         });
+         ChannelFuture future = bootstrap.bind(port).sync();
+
+         try (ServerLocator locator = 
ActiveMQClient.createServerLocator("tcp://127.0.0.1:61616?httpEnabled=true;callTimeout=250"))
 {
+            ClientSessionFactory sf = createSessionFactory(locator);
+         } catch (Exception e) {
+            // ignore - we expect this to fail because the server isn't 
returning a valid response
+         }
+         assertTrue(requestTested.await(500, TimeUnit.MILLISECONDS));
+         assertFalse(failed.get());
+      } finally {
+         workerGroup.shutdownGracefully();
+         bossGroup.shutdownGracefully();
+      }
+   }
+}


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact

Reply via email to