Albertas Vyšniauskas created AMQ-9472:
-----------------------------------------
Summary: Wildcard publisher auto-creates wildcard topic and breaks
authorization
Key: AMQ-9472
URL: https://issues.apache.org/jira/browse/AMQ-9472
Project: ActiveMQ Classic
Issue Type: Bug
Components: Broker
Reporter: Albertas Vyšniauskas
Hi,
after publishing a message to wildcard topic, a wildcard topic is auto-created
and interacts poorly with authorization rules.
Suppose that authorization map contains the following entries:
<authorizationEntry read="admin" write="admin" admin="admin" topic=">" />
<authorizationEntry read="user" topic="A.B" />
Admin creates "A.B" topic and publishes a message to "A.>" causing
auto-creation of "A.>" topic.
User attempts to consume "A.B" topic, but receives "User user is not authorized
to read from: topic://A.>" error.
I asked on user mailing list if wildcard publishing is supposed to work at all,
as I could not find any documentation about that. Unfortunately I did not
receive any response, so I have to assume that it does.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
