[jira] [Commented] (ARTEMIS-2751) Call to AMQPMessage.setValidatedUserID does nothing

Wed, 03 Jun 2020 10:48:24 -0700 


    [ 
https://issues.apache.org/jira/browse/ARTEMIS-2751?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17125174#comment-17125174
 ] 

Justin Bertram commented on ARTEMIS-2751:
-----------------------------------------

This was discussed on the dev mailing list, but I wanted to include an 
explanation here for those who don't have access to that list...

In short, I think AMQP messages will require a different solution than core 
messages due to the fact that properties in an AMQP message are immutable (as 
mentioned previously by Robbie). Also, AMQP has some built in support for these 
semantics.

Section 3.2.4 of the [AMQP 1.0 
specification|http://www.amqp.org/sites/amqp.org/files/amqp.pdf] defines the 
{{user-id}} message property and defines it as:

bq. The identity of the user responsible for producing the Message. The client 
sets this value, and it MAY be authenticated by intermediaries.

My recommendation would be to use this field when producing messages and then 
implement the 
{{org.apache.activemq.artemis.core.server.plugin.ActiveMQServerMessagePlugin#beforeSend()}}
 method in a plugin on the broker which checks this property against the value 
returned by 
{{org.apache.activemq.artemis.core.server.ServerSession#getValidatedUser()}}. 
See [the 
documentation|http://activemq.apache.org/components/artemis/documentation/latest/broker-plugins.html]
 for more details on implementing plugins.

> Call to AMQPMessage.setValidatedUserID does nothing
> ---------------------------------------------------
>
>                 Key: ARTEMIS-2751
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-2751
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>          Components: AMQP
>    Affects Versions: 2.12.0
>            Reporter: Viktor Kolomeyko
>            Priority: Major
>
> Method {{setValidatedUserID}} is not overridden for {{AMQPMessage}} class - 
> therefore it calls parent implementation which does nothing.
> On the other hand: 
> {{org.apache.activemq.artemis.core.message.impl.CoreMessage#setValidatedUserID}}
>  does the right thing and correctly retains validated user information as 
> supplied by 
> {{org.apache.activemq.artemis.core.server.impl.ServerSessionImpl#doSend}}
>  This deficiency prevents from reading 
> {{org.apache.activemq.artemis.api.core.Message#HDR_VALIDATED_USER}} attribute 
> when it is received via AMQP protocol. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to