[jira] [Updated] (ARTEMIS-2893) Concurrent user admin actions can corrupt properties

Wed, 02 Sep 2020 09:00:12 -0700 


     [ 
https://issues.apache.org/jira/browse/ARTEMIS-2893?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Justin Bertram updated ARTEMIS-2893:
------------------------------------
    Description: 
When performing concurrent user admin actions (e.g. {{resetUser}}, {{addUser}}, 
{{removeUser}} on {{ActiveMQServerControl}}) when using the 
{{PropertiesLoginModule}} with {{reload=true}} the underlying user and role 
properties files can get corrupted.

Run this script:
{code:java}
#!/bin/bash
for i in {1..5}
do

        # remove myuser
        curl -k --user admin:admin -H "Origin: http://localhost:8161"; 
"http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/removeUser(java.lang.String)/myuser"
 &      
  
        # create user 'myuser' with password 'mypassword'
        curl -k --user admin:admin -H "Origin: http://localhost:8161"; 
"http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/addUser(java.lang.String,java.lang.String,java.lang.String,boolean)/myuser/mypassword//false"
 & 
       
        # add role 'myrole' to 'myuser'
        curl -k --user admin:admin -H "Origin: http://localhost:8161"; 
"http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/resetUser(java.lang.String,java.lang.String,java.lang.String)/myuser/mypassword/myrole"
 &       

        # perform read operation as admin user, just to see if we can connect
        curl -k --user admin:admin -H "Origin: http://localhost:8161"; 
"http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/listNetworkTopology()"
 &
done
{code}
Sometimes the following logs will be encountered in the broker (note that the 
test does not remove/add admin):
{code:java}
2020-09-01 14:35:28,398 WARN [io.hawt.system.Authenticator] Login failed due 
to: User does not exist: admin{code}
The script may need to be run multiple times to trigger the {{WARN}}.
Examination, in this case, of artemis-roles.properties shows:
{code:java}
$ cat etc/artemis-roles.properties | grep -v '#'
amq = admin
 = myuser
{code}
Multiple variations of the corruption may occur.

 

 

  was:When performing concurrent user admin actions (e.g. {{resetUser}}, 
{{addUser}}, {{removeUser}} on {{ActiveMQServerControl}}) when using the 
{{PropertiesLoginModule}} with {{reload=true}} the underlying user and role 
properties files can get corrupted.


> Concurrent user admin actions can corrupt properties
> ----------------------------------------------------
>
>                 Key: ARTEMIS-2893
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-2893
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>            Reporter: Justin Bertram
>            Assignee: Justin Bertram
>            Priority: Major
>
> When performing concurrent user admin actions (e.g. {{resetUser}}, 
> {{addUser}}, {{removeUser}} on {{ActiveMQServerControl}}) when using the 
> {{PropertiesLoginModule}} with {{reload=true}} the underlying user and role 
> properties files can get corrupted.
> Run this script:
> {code:java}
> #!/bin/bash
> for i in {1..5}
> do
>         # remove myuser
>         curl -k --user admin:admin -H "Origin: http://localhost:8161"; 
> "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/removeUser(java.lang.String)/myuser"
>  &      
>   
>         # create user 'myuser' with password 'mypassword'
>         curl -k --user admin:admin -H "Origin: http://localhost:8161"; 
> "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/addUser(java.lang.String,java.lang.String,java.lang.String,boolean)/myuser/mypassword//false"
>  & 
>        
>         # add role 'myrole' to 'myuser'
>         curl -k --user admin:admin -H "Origin: http://localhost:8161"; 
> "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/resetUser(java.lang.String,java.lang.String,java.lang.String)/myuser/mypassword/myrole"
>  &       
>         # perform read operation as admin user, just to see if we can connect
>         curl -k --user admin:admin -H "Origin: http://localhost:8161"; 
> "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/listNetworkTopology()"
>  &
> done
> {code}
> Sometimes the following logs will be encountered in the broker (note that the 
> test does not remove/add admin):
> {code:java}
> 2020-09-01 14:35:28,398 WARN [io.hawt.system.Authenticator] Login failed due 
> to: User does not exist: admin{code}
> The script may need to be run multiple times to trigger the {{WARN}}.
> Examination, in this case, of artemis-roles.properties shows:
> {code:java}
> $ cat etc/artemis-roles.properties | grep -v '#'
> amq = admin
>  = myuser
> {code}
> Multiple variations of the corruption may occur.
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to