[
https://issues.apache.org/jira/browse/AMQ-3598?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Claus Ibsen updated AMQ-3598:
-----------------------------
Assignee: (was: Claus Ibsen)
> Unprivileged users can receive messages from a protected topic when using
> wildcards in destination
> --------------------------------------------------------------------------------------------------
>
> Key: AMQ-3598
> URL: https://issues.apache.org/jira/browse/AMQ-3598
> Project: ActiveMQ
> Issue Type: Bug
> Components: Broker
> Affects Versions: 5.5.0, 5.5.1
> Environment: OS: Mac OS X 10.6.8
> JRE/JDK: 1.6.0_29
> ActiveMQ: 5.5.0
> Reporter: Thorsten Panitz
> Labels: authorization, security
> Fix For: 5.11.0
>
> Attachments: AMQ-3598.patch, ActiveMQAuthorizationBug.zip
>
>
> A consumer can receive messages from protected queues/topics if he uses a
> Destination which contains a wildcard as described
> [here|http://activemq.apache.org/wildcards.html]:
> {code:language=java}
> Destination queue = new ActiveMQQueue("messages.>");
> Destination topic = new ActiveMQTopic(">");
> {code}
> We are using the default authentication/authorization system as described in
> [Security
> Authentication/Authorization|http://activemq.apache.org/security.html#Security-Authorization]
> with the following configuration:
> {code:title=broker.xml|language=xml}
> <plugins>
> <simpleAuthenticationPlugin>
> <users>
> <authenticationUser
> username="admin"
> password="admin"
> groups="admins"/>
> <authenticationUser
> username="user"
> password="user"
> groups="users"/>
> </users>
> </simpleAuthenticationPlugin>
> <authorizationPlugin>
> <map>
> <authorizationMap>
> <authorizationEntries>
> <authorizationEntry topic="messages.>"
> read="admins"
> write="admins"
> admin="admins"/>
> <authorizationEntry topic="messages.cat2"
> read="admins"
> write="admins"
> admin="admins"/>
> <authorizationEntry topic="messages.cat1"
> read="admins, users"
> write="admins, users"
> admin="admins, users"/>
> <authorizationEntry topic="ActiveMQ.Advisory.>"
> read="admins, users"
> write="admins, users"
> admin="admins, users"/>
> </authorizationEntries>
> </authorizationMap>
> </map>
> </authorizationPlugin>
> </plugins>
> {code}
> As exepected, clients connecting as "user" to the topic "messages.cat2" get
> an exception ("User user is not authorized to read from:
> topic://messages.cat2"). Suprisingly "user" can receive messages from topic
> "messages.cat2" if he creates a consumer with the destination "messages.>":
> {code:title=consumer.java|language=java}
> final Destination destination = new ActiveMQTopic("messages.>");
> final Connection conn = new ActiveMQConnectionFactory("user", "user",
> BROKER_URL).createConnection();
> final Session session = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
> final MessageConsumer consumer = session.createConsumer(destination);
> conn.start();
> closure.run();
> final Message message = consumer.receive(TIMEOUT);
> session.close();
> conn.close();
> {code}
> IMHO this behaviour is a security problem as an unprivileged user can receive
> messages from a protected topic or queue!
--
This message was sent by Atlassian JIRA
(v6.2#6252)
