[GitHub] activemq-artemis issue #2422: ARTEMIS-2168 Fix "populate-validated-user" fea...
Github user michaelandrepearce commented on the issue: https://github.com/apache/activemq-artemis/pull/2422 closing this in liue of solution #2423 ---
[GitHub] activemq-artemis issue #2422: ARTEMIS-2168 Fix "populate-validated-user" fea...
Github user michaelandrepearce commented on the issue: https://github.com/apache/activemq-artemis/pull/2422 alternative option 1 - https://github.com/apache/activemq-artemis/pull/2423 ---
[GitHub] activemq-artemis issue #2422: ARTEMIS-2168 Fix "populate-validated-user" fea...
Github user michaelandrepearce commented on the issue: https://github.com/apache/activemq-artemis/pull/2422 @tabish121 im open to suggestion on how to implement this in a way thats more amenable to yourself. Other ideas i have: 1) Introduce a broker flag that specially and clearly named something like "allow-amqp-modfication-spec-break" then allows AMQP spec break, so its so clear that we're enabling a spec break. 2) If the populate-validated-user is set, then a or copy of the message is made. 3) Another idea, is there a tamper flag on AMQP spec? If so could we can set that? basically allowing you to say the message was mutated via the broker (and even possible say what was mutated (in this case user)). ---
[GitHub] activemq-artemis issue #2422: ARTEMIS-2168 Fix "populate-validated-user" fea...
Github user michaelandrepearce commented on the issue: https://github.com/apache/activemq-artemis/pull/2422 @tabish121 ok, so the use case here, is per https://issues.apache.org/jira/browse/ARTEMIS-584 essentially you cannot/do not trust the user sent on the message, you only trust the user used during auth to the broker, this is quite important for an audit requirement. In this case as i noted as a user you are explicitly saying you wish to violate spec and modify the message. whilst i agree by default the broker should NOT break any specs, there does need ability to violate/or override for a feature, this would be on par with some of the FQQN stuff that allows users to violate some bits in JMS, (e.g. get a JMS Queue actually bound to a JMS Topic subscription), but you do this explicitly knowing this. ---
[GitHub] activemq-artemis issue #2422: ARTEMIS-2168 Fix "populate-validated-user" fea...
Github user tabish121 commented on the issue: https://github.com/apache/activemq-artemis/pull/2422 @michaelandrepearce I may have worked due to a bug that allowed the broker to violate the AMQP specification but was fixed later (https://issues.apache.org/jira/browse/ARTEMIS-1092) and should continue to not allow the broker to violate the AMQP 1.0 specification. ---
[GitHub] activemq-artemis issue #2422: ARTEMIS-2168 Fix "populate-validated-user" fea...
Github user michaelandrepearce commented on the issue: https://github.com/apache/activemq-artemis/pull/2422 @tabish121 this used to work. Also note this is only when the toggle populate-validated-user is enabled, which is off by default. ---
[GitHub] activemq-artemis issue #2422: ARTEMIS-2168 Fix "populate-validated-user" fea...
Github user tabish121 commented on the issue: https://github.com/apache/activemq-artemis/pull/2422 -1 The properties section of an AMQP message is immutable and cannot be changed by the broker as per the AMQP 1.0 specification (Section 3.2) http://docs.oasis-open.org/amqp/core/v1.0/os/amqp-core-messaging-v1.0-os.html#section-message-format ---