Torsten Mielke created AMQ-5141:
-----------------------------------
Summary: Message expiry that is done as part of a removeSubscription command should not use the client's credentials.
Key: AMQ-5141
URL: https://issues.apache.org/jira/browse/AMQ-5141
Project: ActiveMQ
Issue Type: Bug
Components: Broker
Affects Versions: 5.9.0
Reporter: Torsten Mielke

If the broker handles a RemoveInfo command it may also kick off a message
expiry check for (I presume) any prefetched messages. If messages are to be
expired they get sent to ActiveMQ.DLQ by default. See stack trace in next
comment.

If the broker is security enabled with authorization turned on and messages get
sent to DLQ as a result of the expiry check then the broker uses the client's
security context when sending the messages to DLQ.
This implies the client user needs to have write access to ActiveMQ.DLQ.
As this may happen with any other client, all client users will require write
access to ActiveMQ.DLQ, which may not be appropriate from a security point of
view.

The broker regularly runs an expiry check and uses a broker internal security
context for this task. In my opinion this same broker internal security context
should be used when expiring messages as part of the RemoveInfo command. The
broker should not use the client's security context.

[1]
The current behavior can raise the following SecurityException if the client
user does not have write access to ActiveMQ.DLQ:
{code}
2014-04-11 08:11:22,229 | WARN | 2.38:61201@61616 | RegionBroker | ivemq.broker.region.RegionBroker 703 | 105 - org.apache.activemq.activemq-osgi - 5.8.0.redhat-60024 | Caught an exception sending to DLQ: Message ID:S930A3085-50865-635327964441522304-1:1:363:2:1 dropped=false acked=false locked=true
java.lang.SecurityException: User Test is not authorized to write to: queue://ActiveMQ.DLQ
    at org.apache.activemq.security.AuthorizationBroker.send(AuthorizationBroker.java:197)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.MutableBrokerFilter.send(MutableBrokerFilter.java:135)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.util.BrokerSupport.doResend(BrokerSupport.java:68)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.util.BrokerSupport.resendNoCopy(BrokerSupport.java:38)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.region.RegionBroker.sendToDeadLetterQueue(RegionBroker.java:691)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.BrokerFilter.sendToDeadLetterQueue(BrokerFilter.java:262)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.BrokerFilter.sendToDeadLetterQueue(BrokerFilter.java:262)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.advisory.AdvisoryBroker.sendToDeadLetterQueue(AdvisoryBroker.java:413)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.BrokerFilter.sendToDeadLetterQueue(BrokerFilter.java:262)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.BrokerFilter.sendToDeadLetterQueue(BrokerFilter.java:262)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.MutableBrokerFilter.sendToDeadLetterQueue(MutableBrokerFilter.java:274)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.util.RedeliveryPlugin.sendToDeadLetterQueue(RedeliveryPlugin.java:132)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.BrokerFilter.sendToDeadLetterQueue(BrokerFilter.java:262)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.BrokerFilter.sendToDeadLetterQueue(BrokerFilter.java:262)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.MutableBrokerFilter.sendToDeadLetterQueue(MutableBrokerFilter.java:274)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.region.RegionBroker.messageExpired(RegionBroker.java:659)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.BrokerFilter.messageExpired(BrokerFilter.java:257)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.BrokerFilter.messageExpired(BrokerFilter.java:257)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.advisory.AdvisoryBroker.messageExpired(AdvisoryBroker.java:283)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.BrokerFilter.messageExpired(BrokerFilter.java:257)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.BrokerFilter.messageExpired(BrokerFilter.java:257)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.MutableBrokerFilter.messageExpired(MutableBrokerFilter.java:269)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.BrokerFilter.messageExpired(BrokerFilter.java:257)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.BrokerFilter.messageExpired(BrokerFilter.java:257)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.MutableBrokerFilter.messageExpired(MutableBrokerFilter.java:269)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.region.Queue.messageExpired(Queue.java:1671)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.region.PrefetchSubscription.dispatchPending(PrefetchSubscription.java:648)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.region.PrefetchSubscription.add(PrefetchSubscription.java:162)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.region.Queue.doActualDispatch(Queue.java:1907)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.region.Queue.doDispatch(Queue.java:1834)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.region.Queue.removeSubscription(Queue.java:576)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.region.AbstractRegion.removeConsumer(AbstractRegion.java:380)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.region.RegionBroker.removeConsumer(RegionBroker.java:364)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.jmx.ManagedRegionBroker.removeConsumer(ManagedRegionBroker.java:247)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.BrokerFilter.removeConsumer(BrokerFilter.java:117)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.BrokerFilter.removeConsumer(BrokerFilter.java:117)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.advisory.AdvisoryBroker.removeConsumer(AdvisoryBroker.java:253)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.BrokerFilter.removeConsumer(BrokerFilter.java:117)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.BrokerFilter.removeConsumer(BrokerFilter.java:117)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.MutableBrokerFilter.removeConsumer(MutableBrokerFilter.java:123)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.BrokerFilter.removeConsumer(BrokerFilter.java:117)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.BrokerFilter.removeConsumer(BrokerFilter.java:117)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.MutableBrokerFilter.removeConsumer(MutableBrokerFilter.java:123)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.TransportConnection.processRemoveConsumer(TransportConnection.java:651)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.command.RemoveInfo.visit(RemoveInfo.java:76)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:329)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:184)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.transport.MutexTransport.onCommand(MutexTransport.java:50)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:113)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.transport.AbstractInactivityMonitor.onCommand(AbstractInactivityMonitor.java:288)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:214)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:196)[105:org.apache.activemq.activemq-osgi:5.8.0.redhat-60024]
    at java.lang.Thread.run(Unknown Source)[:1.6.0_26]
{code}
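
A log-triage sketch for the pattern in the trace above, added here as an example and not part of the original report or of ActiveMQ: it separates DLQ write denials raised while the broker expires messages during consumer removal from other denied writes. The sample log lines are constructed and the verdict labels are hypothetical names.

```python
import re

# Constructed sample modelled on the trace above; the first event keeps the
# mail-style wrapping ("at" and the frame on separate lines).
SAMPLE_LOG = """\
2014-04-11 08:11:22,229 | WARN | Caught an exception sending to DLQ: Message ID:constructed-1
java.lang.SecurityException: User Test is not authorized to write to:
queue://ActiveMQ.DLQ
at
org.apache.activemq.security.AuthorizationBroker.send(AuthorizationBroker.java:197)
at org.apache.activemq.broker.region.RegionBroker.sendToDeadLetterQueue(RegionBroker.java:691)
at org.apache.activemq.broker.region.RegionBroker.messageExpired(RegionBroker.java:659)
at org.apache.activemq.broker.region.Queue.removeSubscription(Queue.java:576)
at org.apache.activemq.command.RemoveInfo.visit(RemoveInfo.java:76)
2014-04-11 08:12:01,004 | WARN | constructed event with no expiry frames
java.lang.SecurityException: User Guest is not authorized to write to: queue://ActiveMQ.DLQ
at org.apache.activemq.security.AuthorizationBroker.send(AuthorizationBroker.java:197)
"""

EVENT_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} \|")
DENIED = re.compile(r"SecurityException: User (.+?) is not authorized to write to:\s*(\S+)")
FRAME = re.compile(r"\bat\s+([\w.$]+)\(")  # tolerates "at" wrapped onto its own line

def split_events(text):
    """Group lines into events; a timestamped line starts a new event."""
    events = []
    for line in text.splitlines():
        if EVENT_START.match(line) or not events:
            events.append([])
        events[-1].append(line)
    return ["\n".join(e) for e in events]

def classify(event):
    """Return user, destination and a verdict for one denied-write event."""
    denied = DENIED.search(event)
    if denied is None:
        return None
    frames = FRAME.findall(event)
    has = lambda suffix: any(f.endswith(suffix) for f in frames)
    if has(".sendToDeadLetterQueue") and has(".messageExpired"):
        # Broker-initiated expiry; the trace shows which command triggered it.
        on_remove = has("Queue.removeSubscription") or has("RemoveInfo.visit")
        verdict = "expiry-on-unsubscribe" if on_remove else "expiry-other"
    else:
        verdict = "other-denied-write"
    return {"user": denied.group(1), "destination": denied.group(2), "verdict": verdict}

def triage(text):
    return [r for r in map(classify, split_events(text)) if r]
```

Events labelled `expiry-on-unsubscribe` name a user who did not attempt the write; the remaining denials are the ones to review as client-initiated.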