[ https://issues.apache.org/jira/browse/AMQ-9475?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Christopher L. Shannon resolved AMQ-9475.
-----------------------------------------
    Resolution: Fixed

> ConsumerControl commands for wildcard consumers should not auto-create 
> destinations
> -----------------------------------------------------------------------------------
>
>                 Key: AMQ-9475
>                 URL: https://issues.apache.org/jira/browse/AMQ-9475
>             Project: ActiveMQ Classic
>          Issue Type: Bug
>            Reporter: Christopher L. Shannon
>            Assignee: Christopher L. Shannon
>            Priority: Major
>             Fix For: 6.2.0, 5.18.5, 6.1.2
>
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> While investigating AMQ-9472, it was 
> [pointed|https://github.com/apache/activemq/pull/1198#issuecomment-2046523027]
>  out that in some cases (like with Stomp) wildcard destinations that do not 
> exist could be auto-created on subscribe, which, besides creating the extra 
> destination, can also lead to errors if proper ACLs are not set up.
> As 
> [pointed|https://github.com/apache/activemq/pull/1198#issuecomment-2047625950]
>  out, the bug here is that wildcard destinations should not be auto-created 
> just by subscribing using a wildcard. There is a check for this in 
> [addConsumer()|https://github.com/apache/activemq/blob/e025e443e65d4bd3c2c27f11d6caa7bfbd2c9626/activemq-broker/src/main/java/org/apache/activemq/broker/region/AbstractRegion.java#L344-L346]
>  but 
> [processConsumerControl()|https://github.com/apache/activemq/blob/e025e443e65d4bd3c2c27f11d6caa7bfbd2c9626/activemq-broker/src/main/java/org/apache/activemq/broker/region/AbstractRegion.java#L694]
>  does not have the checks. So any time that command is sent (like prefetch 
> update) this could be an issue.
> This can be fixed by only looking up destinations that are wildcards and not 
> auto-creating them when processing consumer control objects, just like 
> addConsumer() does.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
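
A simplified model of the behaviour described in the issue, as an added example that is not ActiveMQ's code and not part of the original message. The class, method names and sample destinations are hypothetical, and applying the update to every existing destination that matches the wildcard is an assumption of this model.

```java
import java.util.*;

// Simplified model of a broker region. Hypothetical names; not ActiveMQ's AbstractRegion.
public class WildcardControlDemo {
    // Existing destinations mapped to their current prefetch (constructed sample state).
    static final Map<String, Integer> destinations = new TreeMap<>();

    // ActiveMQ wildcard tokens: "*" matches one path element, ">" matches the rest.
    static boolean isPattern(String name) {
        return Arrays.stream(name.split("\\.")).anyMatch(p -> p.equals("*") || p.equals(">"));
    }

    // True when the dot-separated name is covered by the wildcard pattern.
    static boolean matches(String pattern, String name) {
        String[] p = pattern.split("\\."), n = name.split("\\.");
        for (int i = 0; i < p.length; i++) {
            if (p[i].equals(">")) return true;
            if (i >= n.length || !(p[i].equals("*") || p[i].equals(n[i]))) return false;
        }
        return p.length == n.length;
    }

    // Before: the control command resolves its destination with create-if-missing,
    // so a prefetch update for "orders.>" creates a destination literally named "orders.>".
    static void processControlBefore(String dest, int prefetch) {
        destinations.put(dest, prefetch);
    }

    // After: a wildcard name is only looked up against destinations that already exist
    // (this model applies the update to each match); concrete names behave as before.
    static void processControlAfter(String dest, int prefetch) {
        if (!isPattern(dest)) {
            destinations.put(dest, prefetch);
            return;
        }
        destinations.replaceAll((name, old) -> matches(dest, name) ? prefetch : old);
    }

    public static void main(String[] args) {
        destinations.put("orders.eu", 1);
        destinations.put("billing.eu", 1);
        processControlBefore("orders.>", 10);
        System.out.println("before: " + destinations);
        destinations.remove("orders.>");
        processControlAfter("orders.>", 10);
        System.out.println("after:  " + destinations);
    }
}
```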
