[ https://issues.apache.org/jira/browse/ARTEMIS-3656?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17482744#comment-17482744 ]

Justin Bertram commented on ARTEMIS-3656:
-----------------------------------------

We have a
[hacking guide|https://activemq.apache.org/components/artemis/documentation/hacking-guide/]
which outlines how you can contribute. In short, you just need to send a PR to
the [GitHub project|https://github.com/apache/activemq-artemis] with the fix
and a test to validate the fix. The test should fail without the fix and
succeed with the fix.

Anything merged into the code-base before the release will be included in the 
release.

If you don't do it yourself there's no real guarantee when it will be done. 
This is the nature of [community support|https://activemq.apache.org/support]. 
In this case the fix is simple, but a test still needs to be written and that 
will be more complex than the fix. We have existing independent tests for both 
certificate authentication and resource limits. We just need a test that 
combines the two. I'll probably have a chance to look into creating a test in 
the next few days, but something else could always come up.

> Client session limit is evaluated incorrectly for ssl connections
> -----------------------------------------------------------------
>
>                 Key: ARTEMIS-3656
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3656
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>    Affects Versions: 2.17.0
>            Reporter: Alexander
>            Priority: Major
>
> Client session limit is evaluated incorrectly for SSL connections.
> For authentication, the {{org.apache.activemq.artemis.spi.core.security.jaas.TextFileCertificateLoginModule}}
> module is used (clients do not specify a user and password to create
> connections).
> In this case, the user can enter any other user, and the connection count 
> check will be performed for the specified user (so {{validatedUser}} must be 
> used).
> The problem is in the {{org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl#getSessionCountForUser}}
> method. The check is not based on {{validatedUser}} but on {{user}} (which
> users do not enter). As a result we get a {{NullPointerException}} in the
> code below.
> {code:java}
> private int getSessionCountForUser(String username) {
>    int sessionCount = 0;
>    for (Entry<String, ServerSession> sessionEntry : sessions.entrySet()) {
>       if (sessionEntry.getValue().getUsername().equals(username)) { // change to sessionEntry.getValue().getValidatedUser()....
>          sessionCount++;
>       }
>    }
>    return sessionCount;
> }{code}
>  
> Files in {{etc}} folder:
> 1) {{login.config}}:
> {noformat}
> CertLogin {
>     org.apache.activemq.artemis.spi.core.security.jaas.TextFileCertificateLoginModule requisite
>         debug=false
>         reload=true
>         org.apache.activemq.jaas.textfiledn.user="cert-users.properties"
>         org.apache.activemq.jaas.textfiledn.role="cert-roles.properties";
> };{noformat}
> 2) {{broker.xml}}:
> {code:xml}
>     <resource-limit-settings>
>       <resource-limit-setting match="user1">
>         <max-connections>5</max-connections>
>       </resource-limit-setting>
>     </resource-limit-settings>
>     <acceptors>
>       <acceptor name="artemis">tcp://0.0.0.0:60001?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;amqpMinLargeMessageSize=102400;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpDuplicateDetection=true;sslEnabled=true;keyStorePath=/app/artemis/ssl/artemis_server_gw.jks;trustStorePath=/app/artemis/ssl/artemis_server_gw.jks;keyStorePassword=secret;trustStorePassword=secret;enabledCipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA256;enabledProtocols=TLSv1.2;needClientAuth=true</acceptor>
>     </acceptors>{code}



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
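
The difference the reporter describes, as an added example that is not part of the original message or the Artemis code base: `Session` is a hypothetical stand-in exposing only the two getters named in the issue, and the session data is constructed. It needs Java 16 or later for records.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class SessionLimitDemo {
   // Hypothetical stand-in for the two ServerSession getters named in the issue.
   record Session(String username, String validatedUser) {
      String getUsername() { return username; }
      String getValidatedUser() { return validatedUser; }
   }

   // Constructed sample data: three sessions whose certificate maps to user1.
   static final Map<String, Session> sessions = new LinkedHashMap<>();
   static {
      sessions.put("s1", new Session("user2", "user1")); // client supplied another name
      sessions.put("s2", new Session("user1", "user1"));
      sessions.put("s3", new Session(null, "user1"));    // no username supplied
   }

   // Same comparison as the method quoted in the issue: keyed on the client-supplied name.
   static int countByUsername(String username) {
      int count = 0;
      for (Session s : sessions.values()) {
         if (s.getUsername().equals(username)) { // throws when a session has no username
            count++;
         }
      }
      return count;
   }

   // Comparison the reporter suggests, keyed on the authenticated identity and null-safe.
   static int countByValidatedUser(String validatedUser) {
      int count = 0;
      for (Session s : sessions.values()) {
         if (validatedUser != null && validatedUser.equals(s.getValidatedUser())) {
            count++;
         }
      }
      return count;
   }

   public static void main(String[] args) {
      System.out.println("validated user1: " + countByValidatedUser("user1"));
      try {
         System.out.println("username user1: " + countByUsername("user1"));
      } catch (NullPointerException e) {
         System.out.println("username user1: NullPointerException");
      }
   }
}
```

Counting by validated user attributes all three sessions to `user1`, which is the identity the `max-connections` limit in `broker.xml` is matched against; counting by username undercounts the renamed session and fails on the session without a username.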
