[jira] [Resolved] (ARTEMIS-2893) Concurrent user admin actions can corrupt properties

Wed, 16 Sep 2020 08:36:45 -0700 


     [ 
https://issues.apache.org/jira/browse/ARTEMIS-2893?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Justin Bertram resolved ARTEMIS-2893.
-------------------------------------
    Fix Version/s: 2.16.0
       Resolution: Fixed

> Concurrent user admin actions can corrupt properties
> ----------------------------------------------------
>
>                 Key: ARTEMIS-2893
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-2893
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>            Reporter: Justin Bertram
>            Assignee: Justin Bertram
>            Priority: Major
>             Fix For: 2.16.0
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> When performing concurrent user admin actions (e.g. {{resetUser}}, 
> {{addUser}}, {{removeUser}} on {{ActiveMQServerControl}}) when using the 
> {{PropertiesLoginModule}} with {{reload=true}} the underlying user and role 
> properties files can get corrupted.
> Run this script:
> {code:java}
> #!/bin/bash
> for i in {1..5}
> do
>         # remove myuser
>         curl -k --user admin:admin -H "Origin: http://localhost:8161"; 
> "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/removeUser(java.lang.String)/myuser"
>  &      
>   
>         # create user 'myuser' with password 'mypassword'
>         curl -k --user admin:admin -H "Origin: http://localhost:8161"; 
> "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/addUser(java.lang.String,java.lang.String,java.lang.String,boolean)/myuser/mypassword//false"
>  & 
>        
>         # add role 'myrole' to 'myuser'
>         curl -k --user admin:admin -H "Origin: http://localhost:8161"; 
> "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/resetUser(java.lang.String,java.lang.String,java.lang.String)/myuser/mypassword/myrole"
>  &       
>         # perform read operation as admin user, just to see if we can connect
>         curl -k --user admin:admin -H "Origin: http://localhost:8161"; 
> "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/listNetworkTopology()"
>  &
> done
> {code}
> Sometimes the following logs will be encountered in the broker (note that the 
> test does not remove/add admin):
> {code:java}
> 2020-09-01 14:35:28,398 WARN [io.hawt.system.Authenticator] Login failed due 
> to: User does not exist: admin{code}
> The script may need to be run multiple times to trigger the {{WARN}}.
> Examination, in this case, of artemis-roles.properties shows:
> {code:java}
> $ cat etc/artemis-roles.properties | grep -v '#'
> amq = admin
>  = myuser
> {code}
> Multiple variations of the corruption may occur.
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to