[
https://issues.apache.org/jira/browse/ARTEMIS-1872?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16488254#comment-16488254
]
ASF GitHub Bot commented on ARTEMIS-1872:
-----------------------------------------
Github user michaelandrepearce commented on a diff in the pull request:
https://github.com/apache/activemq-artemis/pull/2103#discussion_r190437791
--- Diff:
tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/server/SecureConfigurationTest.java
---
@@ -177,8 +161,31 @@ private void
internal_testSecureDurableSubscriber(ConnectionFactory connectionFa
} catch (JMSSecurityException j) {
//Expected exception
}
+
+ Connection connection = null;
+
+ try {
+ connection = connectionFactory.createConnection();
+ Session session = connection.createSession(false,
Session.AUTO_ACKNOWLEDGE);
+
+ try {
+ session.createTemporaryQueue();
+ Assert.fail("Security exception expected, but did not occur,
excepetion expected as not permissioned to create a temporary queue");
+ } catch (JMSSecurityException jmsse) {
+ IntegrationTestLogger.LOGGER.info("Client should have thrown a
JMSSecurityException but only threw JMSException");
--- End diff --
This is incorrect log message, it idicates a problem when actually this is
expected behaviour
> Correctly check for queue exists before creating shared queue
> -------------------------------------------------------------
>
> Key: ARTEMIS-1872
> URL: https://issues.apache.org/jira/browse/ARTEMIS-1872
> Project: ActiveMQ Artemis
> Issue Type: Bug
> Affects Versions: 2.5.0
> Reporter: Michael Andre Pearce
> Priority: Major
>
> Prior to 2.5.0, artemis incorrectly always checked the perms for Non Durable
> on createSharedQueue , even if the queue being created was a Durable queue.
> securityCheck(address, name, CheckType.*_CREATE_NON_DURABLE_QUEUE_*, *this*);
>
> In 2.5.0+ this has been corrected, so it checks the permissions appropriately
> for the durability.
> securityCheck(address, name, durable ? CheckType.*_CREATE_DURABLE_QUEUE_* :
> CheckType.*_CREATE_NON_DURABLE_QUEUE_*, *this*);
>
> This though has exposed that in some area's of the Core client code, and also
> AMQP, and OpenWire that the code isn't checking that queue exists before
> calling to create it, meaning a client with consume permission but without
> create durable queue permissions, would fail but should not as the queue
> exists.
> Also it was noted on creating the test case to prove this that AMQP JMS
> Client when security exception occurs, was not correctly throwing
> JMSSecurityException, this is due to the broker not returning the correct
> AMQP error code, in these circumstances.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
