[
https://issues.apache.org/jira/browse/AMQ-7058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16907363#comment-16907363
]
Alexander commented on AMQ-7058:
--------------------------------
We have the same issue with ActiveMQ 5.15.9
{code:java}
Policy not applied!. Error processing policy under '[OU=Queue,OU=Destinations,OU=XXX,OU=YYY,OU=YADDA,DC=YADDA,DC=FOO,DC=BAR, (cn=Write)]' with filter '{}'
java.lang.NullPointerException
	at org.apache.activemq.security.SimpleCachedLDAPAuthorizationMap.applyACL(SimpleCachedLDAPAuthorizationMap.java:392)[activemq-broker-5.15.9.jar:5.15.9]
	at org.apache.activemq.security.SimpleCachedLDAPAuthorizationMap.processQueryResults(SimpleCachedLDAPAuthorizationMap.java:300)[activemq-broker-5.15.9.jar:5.15.9]
	at org.apache.activemq.security.SimpleCachedLDAPAuthorizationMap.query(SimpleCachedLDAPAuthorizationMap.java:236)[activemq-broker-5.15.9.jar:5.15.9]
	at org.apache.activemq.security.SimpleCachedLDAPAuthorizationMap.afterPropertiesSet(SimpleCachedLDAPAuthorizationMap.java:939)[activemq-broker-5.15.9.jar:5.15.9]
	at org.apache.activemq.security.CachedLDAPAuthorizationMap.afterPropertiesSet(CachedLDAPAuthorizationMap.java:34)[activemq-spring-5.15.9.jar:5.15.9]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1692)[spring-beans-4.3.18.RELEASE.jar:4.3.18.RELEASE]
{code}
*The result is this:*
The SimpleCachedLDAPAuthorizationMap tries to load all the permissions from
LDAP. Encountering the first entry without a {{member}} attribute, a
NullPointerException is thrown and no further permissions are loaded. This
means that only a subset of permissions are actually being applied. This
happens every couple of minutes when the cache is refreshed.
*The solution* would be quite simple: Just do a null-check before calling
{{memberAttribute.getAll()}} and return.
{code:java}
if (memberAttribute != null) {
    NamingEnumeration<?> memberAttributeEnum = memberAttribute.getAll();
    while (memberAttributeEnum.hasMoreElements()) {
        ...
{code}
> Write permissions blocked on all queues when one does not have member in LDAP
> ------------------------------------------------------------------------------
>
> Key: AMQ-7058
> URL: https://issues.apache.org/jira/browse/AMQ-7058
> Project: ActiveMQ
> Issue Type: Bug
> Components: Broker
> Affects Versions: 5.15.3, 5.15.4
> Reporter: Natisha Stiles
> Priority: Major
> Attachments: log.txt, writeError.txt
>
>
> I've only tested with 5.13 and 5.14.4
> Received this exception after broker start. (full start log attached)
> 2018-09-20 16:19:47,575 | ERROR | Policy not applied!. Error processing policy under '[ou=ActiveMQ,ou=CTL,ou=Apps,o=up, (cn=Write)]' with filter '{}' | org.apache.activemq.security.SimpleCachedLDAPAuthorizationMap | main
> java.lang.NullPointerException
> Could not write to any queue that had valid write permissions (attached
> example of error on queue that has valid write permissions).
> User deeb005 is not authorized to write to: queue://TEST.QUEUE
> Ended up finding one queue that had blank write permissions. One queue not
> having write permissions should not block all queues from utilizing valid
> permissions.
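The failure mode discussed in this thread, as an added example that is not part of the original message and not ActiveMQ's own code: a simplified policy loader over constructed {{javax.naming}} entries, showing how one entry without a {{member}} attribute aborts the rest of the load and how the proposed null check lets the remaining entries apply. The class name, the {{load}} method and the queue names are hypothetical.

```java
import java.util.*;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;

public class MemberNullCheckDemo {
    // Constructed sample policy entries (not real directory data): queue name -> LDAP attributes.
    static Map<String, Attributes> sampleEntries() {
        Map<String, Attributes> entries = new LinkedHashMap<>();
        entries.put("QUEUE.A", withMembers("cn=alice"));
        entries.put("QUEUE.B", new BasicAttributes("cn", "Write")); // entry with no member attribute
        entries.put("QUEUE.C", withMembers("cn=bob", "cn=carol"));
        return entries;
    }

    static Attributes withMembers(String... dns) {
        Attributes attrs = new BasicAttributes("cn", "Write");
        Attribute member = new BasicAttribute("member");
        for (String dn : dns) member.add(dn);
        attrs.put(member);
        return attrs;
    }

    // Hypothetical loader. guard=false dereferences a missing attribute, as in the reported trace;
    // guard=true applies the null check and keeps processing the remaining entries.
    static Map<String, Set<String>> load(Map<String, Attributes> entries, boolean guard)
            throws NamingException {
        Map<String, Set<String>> acl = new LinkedHashMap<>();
        try {
            for (Map.Entry<String, Attributes> e : entries.entrySet()) {
                Attribute memberAttribute = e.getValue().get("member"); // null when absent
                Set<String> writers = new LinkedHashSet<>();
                if (!guard || memberAttribute != null) {
                    NamingEnumeration<?> en = memberAttribute.getAll();
                    while (en.hasMoreElements()) writers.add((String) en.nextElement());
                }
                acl.put(e.getKey(), writers); // empty set: nobody is granted write on this queue
            }
        } catch (NullPointerException npe) {
            // Mirrors "Policy not applied!": everything after the bad entry is never loaded.
            System.out.println("policy load aborted: " + npe);
        }
        return acl;
    }

    public static void main(String[] args) throws NamingException {
        System.out.println("unguarded: " + load(sampleEntries(), false));
        System.out.println("guarded:   " + load(sampleEntries(), true));
    }
}
```

In the guarded run the entry without members still grants write access to no one, so the check changes only whether the other queues' permissions are loaded.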