[ https://issues.apache.org/jira/browse/ARTEMIS-4963?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Timothy A. Bish resolved ARTEMIS-4963.
--------------------------------------
    Fix Version/s: 2.37.0
       Resolution: Fixed

> Reject openwire senders that lack SEND permissions on attach
> ------------------------------------------------------------
>
>                 Key: ARTEMIS-4963
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-4963
>             Project: ActiveMQ Artemis
>          Issue Type: Improvement
>          Components: OpenWire
>    Affects Versions: 2.36.0
>            Reporter: Timothy A. Bish
>            Assignee: Timothy A. Bish
>            Priority: Minor
>             Fix For: 2.37.0
>
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> Currently the Openwire producers are allowed to attach even when the named
> destination(s) they request don't offer send permissions to the logged-in user
> (the sends themselves are validated). The sends from these named or from
> anonymous producers are checked for permission, but only after such things as
> conversion of the message to Core have happened, which leads to unnecessary GC
> overhead and wasted CPU cycles if the send is going to ultimately be
> rejected.
>
> We should reject Openwire senders on attach (which is what the ActiveMQ
> 'Classic' broker does) and we should check send permissions prior to
> unnecessarily converting messages to Core to reduce overhead from anonymous
> senders that are sending into destinations they cannot write to. This change
> doesn't introduce any new security but simply would respond more quickly and
> efficiently than the current code would.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
