[jira] [Updated] (AMQ-7307) Using MessageAuthorizationPolicy gets into infinite retry loop
[ https://issues.apache.org/jira/browse/AMQ-7307?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nicolae updated AMQ-7307: - Description: We are trying to do authorization on message by message basis by validating an OIDC JWT token attached as property to each message. The way that I found so far (but please let us know for alternatives) is to implement MessageAuthorizationPolicy and return true if message to be accepted from security standpoint. The problem we face is that those rejected messages are retried. But the token is the same, and the answer will continue to be negative. Is there a way to disable retries, but only for those rejected by MessageAuthorizationPolicy ? Thank you. PS. I am not sure if it is a bug, we are just trying to solve our problem. We use shared storage with EFS, kahadb. The message delivery appears to happen on a Queue. What I know is that we use topics and virtual topics related to each individual consumer (microservice) and those virtual topics do function as queues. This is my limited understanding so far at least, I had experience with Apache Kafka before but not with JMS providers. Thanks Update I have found that implementing BrokerFilter.send would provide the message level opportunity to let a message through or not, however I have one question: In the BrokerFilter.send method, is there a way to signal somehow to the producer that it was rejected for security reasons? By throwing a custom Exception from send? Is the exception returned over the wire to the producer? Thank you, Nicu was: We are trying to do authorization on message by message basis by validating an OIDC JWT token attached as property to each message. The way that I found so far (but please let us know for alternatives) is to implement MessageAuthorizationPolicy and return true if message to be accepted from security standpoint. The problem we face is that those rejected messages are retried. But the token is the same, and the answer will continue to be negative. Is there a way to disable retries, but only for those rejected by MessageAuthorizationPolicy ? Thank you. PS. I am not sure if it is a bug, we are just trying to solve our problem. We use shared storage with EFS, kahadb. The message delivery appears to happen on a Queue. What I know is that we use topics and virtual topics related to each individual consumer (microservice) and those virtual topics do function as queues. This is my limited understanding so far at least, I had experience with Apache Kafka before but not with JMS providers. Thanks > Using MessageAuthorizationPolicy gets into infinite retry loop > --- > > Key: AMQ-7307 > URL: https://issues.apache.org/jira/browse/AMQ-7307 > Project: ActiveMQ > Issue Type: Bug > Components: activemq-pool >Affects Versions: 5.15.10 > Environment: Locally with docker compose, but it should not be > related to env. >Reporter: Nicolae >Priority: Major > > We are trying to do authorization on message by message basis by validating > an OIDC JWT token attached as property to each message. The way that I found > so far (but please let us know for alternatives) is to implement > MessageAuthorizationPolicy and return true if message to be accepted from > security standpoint. > The problem we face is that those rejected messages are retried. But the > token is the same, and the answer will continue to be negative. Is there a > way to disable retries, but only for those rejected by > MessageAuthorizationPolicy ? > Thank you. > PS. I am not sure if it is a bug, we are just trying to solve our problem. > We use shared storage with EFS, kahadb. > The message delivery appears to happen on a Queue. > What I know is that we use topics and virtual topics related to each > individual consumer (microservice) and those virtual topics do function as > queues. This is my limited understanding so far at least, I had experience > with Apache Kafka before but not with JMS providers. Thanks > > Update > I have found that implementing BrokerFilter.send would provide the message > level opportunity to let a message through or not, however I have one > question: > In the BrokerFilter.send method, is there a way to signal somehow to the > producer that it was rejected for security reasons? By throwing a custom > Exception from send? Is the exception returned over the wire to the producer? > Thank you, > Nicu -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (AMQ-7307) Using MessageAuthorizationPolicy gets into infinite retry loop
[ https://issues.apache.org/jira/browse/AMQ-7307?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nicolae updated AMQ-7307: - Issue Type: Improvement (was: Bug) > Using MessageAuthorizationPolicy gets into infinite retry loop > --- > > Key: AMQ-7307 > URL: https://issues.apache.org/jira/browse/AMQ-7307 > Project: ActiveMQ > Issue Type: Improvement > Components: activemq-pool >Affects Versions: 5.15.10 > Environment: Locally with docker compose, but it should not be > related to env. >Reporter: Nicolae >Priority: Major > > We are trying to do authorization on message by message basis by validating > an OIDC JWT token attached as property to each message. The way that I found > so far (but please let us know for alternatives) is to implement > MessageAuthorizationPolicy and return true if message to be accepted from > security standpoint. > The problem we face is that those rejected messages are retried. But the > token is the same, and the answer will continue to be negative. Is there a > way to disable retries, but only for those rejected by > MessageAuthorizationPolicy ? > Thank you. > PS. I am not sure if it is a bug, we are just trying to solve our problem. > We use shared storage with EFS, kahadb. > The message delivery appears to happen on a Queue. > What I know is that we use topics and virtual topics related to each > individual consumer (microservice) and those virtual topics do function as > queues. This is my limited understanding so far at least, I had experience > with Apache Kafka before but not with JMS providers. Thanks > > Update > I have found that implementing BrokerFilter.send would provide the message > level opportunity to let a message through or not, however I have one > question: > In the BrokerFilter.send method, is there a way to signal somehow to the > producer that it was rejected for security reasons? By throwing a custom > Exception from send? Is the exception returned over the wire to the producer? > Thank you, > Nicu -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (AMQ-7307) Using MessageAuthorizationPolicy gets into infinite retry loop
[ https://issues.apache.org/jira/browse/AMQ-7307?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nicolae updated AMQ-7307: - Description: We are trying to do authorization on message by message basis by validating an OIDC JWT token attached as property to each message. The way that I found so far (but please let us know for alternatives) is to implement MessageAuthorizationPolicy and return true if message to be accepted from security standpoint. The problem we face is that those rejected messages are retried. But the token is the same, and the answer will continue to be negative. Is there a way to disable retries, but only for those rejected by MessageAuthorizationPolicy ? Thank you. PS. I am not sure if it is a bug, we are just trying to solve our problem. We use shared storage with EFS, kahadb. The message delivery appears to happen on a Queue. What I know is that we use topics and virtual topics related to each individual consumer (microservice) and those virtual topics do function as queues. This is my limited understanding so far at least, I had experience with Apache Kafka before but not with JMS providers. Thanks was: We are trying to do authorization on message by message basis by validating an OIDC JWT token attached as property to each message. The way that I found so far (but please let us know for alternatives) is to implement MessageAuthorizationPolicy and return true if message to be accepted from security standpoint. The problem we face is that those rejected messages are retried. But the token is the same, and the answer will continue to be negative. Is there a way to disable retries, but only for those rejected by MessageAuthorizationPolicy ? Thank you. PS. I am not sure if it is a bug, we are just trying to solve our problem. We use shared storage with EFS, kahadb. The message delivery appears to happen on a Queue. What I know is that we use topics and virtual topics related to each individual consumer (microservice) and those virtual topics do function as queues. This is my limited understanding so far at least, I had experience with Kafka before. Thanks > Using MessageAuthorizationPolicy gets into infinite retry loop > --- > > Key: AMQ-7307 > URL: https://issues.apache.org/jira/browse/AMQ-7307 > Project: ActiveMQ > Issue Type: Bug > Components: activemq-pool >Affects Versions: 5.15.10 > Environment: Locally with docker compose, but it should not be > related to env. >Reporter: Nicolae >Priority: Major > > We are trying to do authorization on message by message basis by validating > an OIDC JWT token attached as property to each message. The way that I found > so far (but please let us know for alternatives) is to implement > MessageAuthorizationPolicy and return true if message to be accepted from > security standpoint. > The problem we face is that those rejected messages are retried. But the > token is the same, and the answer will continue to be negative. Is there a > way to disable retries, but only for those rejected by > MessageAuthorizationPolicy ? > Thank you. > PS. I am not sure if it is a bug, we are just trying to solve our problem. > We use shared storage with EFS, kahadb. > The message delivery appears to happen on a Queue. > What I know is that we use topics and virtual topics related to each > individual consumer (microservice) and those virtual topics do function as > queues. This is my limited understanding so far at least, I had experience > with Apache Kafka before but not with JMS providers. Thanks -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (AMQ-7307) Using MessageAuthorizationPolicy gets into infinite retry loop
Nicolae created AMQ-7307: Summary: Using MessageAuthorizationPolicy gets into infinite retry loop Key: AMQ-7307 URL: https://issues.apache.org/jira/browse/AMQ-7307 Project: ActiveMQ Issue Type: Bug Components: activemq-pool Affects Versions: 5.15.10 Environment: Locally with docker compose, but it should not be related to env. Reporter: Nicolae We are trying to do authorization on message by message basis by validating an OIDC JWT token attached as property to each message. The way that I found so far (but please let us know for alternatives) is to implement MessageAuthorizationPolicy and return true if message to be accepted from security standpoint. The problem we face is that those rejected messages are retried. But the token is the same, and the answer will continue to be negative. Is there a way to disable retries, but only for those rejected by MessageAuthorizationPolicy ? Thank you. PS. I am not sure if it is a bug, we are just trying to solve our problem. We use shared storage with EFS, kahadb. The message delivery appears to happen on a Queue. What I know is that we use topics and virtual topics related to each individual consumer (microservice) and those virtual topics do function as queues. This is my limited understanding so far at least, I had experience with Kafka before. Thanks -- This message was sent by Atlassian Jira (v8.3.4#803005)
