ActiveMQ / AMQ-2516

SecurityException raised when broker tries to move expired message to DLQ

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.3.0
    • Fix Version/s: 5.3.1, 5.4.0
    • Component/s: Broker
    • Labels:
      None
    • Environment:

      Windows XP SP2
      Java JRE 1.6

      Issue found on both FUSE Message Broker 5.3.0.3 & 5.3.0.5 (based on Apache ActiveMQ 5.3)

      Description

      I have enabled authentication + authorization in my broker configuration file as follows:

      <jaasAuthenticationPlugin configuration="PropertiesLogin" />

      <authorizationPlugin>
        <map>
          <authorizationMap>
            <authorizationEntries>
              <authorizationEntry queue=">" read="users" write="users" admin="users"/>
              <authorizationEntry topic="ActiveMQ.Advisory.>" read="users" write="users" admin="users"/>
            </authorizationEntries>
          </authorizationMap>
        </map>
      </authorizationPlugin>

      If I send a message with a TTL into the queue (using the provided sample, configured with the right username and password) and then try to look for the message in the queue with the Web Console after it has expired, I get the following exception:

      "Caught an exception sending to DLQ: Message ID:PC198829-1539-1259168148838-0:1:1:1:1 dropped=false locked=false
      java.lang.SecurityException: User is not authenticated."

      This only occurs when the broker has to deal with the DLQ as I can successfully read/write in any queue.

      It seems that the thread responsible for moving the message into the DLQ doesn't have the right to perform this action (username and password not propagated to its connection context?).

      1. activemq_configuration.zip
        4 kB
        Concombre Masqué
      2. activemq.log
        411 kB
        Concombre Masqué
      3. jmsproducer_sample.zip
        1 kB
        Concombre Masqué
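
      A way to find this failure in a broker log, as an added example that is not part of the original report or of ActiveMQ: it pairs each "Caught an exception sending to DLQ" line with the exception line that follows it and separates the SecurityException cases from other causes. The log prefix layout, the message IDs and all sample lines are constructed assumptions.

```python
import re

# Constructed sample modelled on the two lines quoted in the report. The
# "timestamp | level | message | logger" prefix is an assumed layout.
SAMPLE_LOG = """\
2009-11-25 17:55:49,120 | INFO  | constructed startup line | SampleLogger
2009-11-25 17:56:10,402 | ERROR | Caught an exception sending to DLQ: Message ID:HOST-A-1539-1111111111111-0:1:1:1:1 dropped=false locked=false | SampleLogger
java.lang.SecurityException: User is not authenticated.
\tat org.example.ConstructedFrame.method(ConstructedFrame.java:1)
2009-11-25 17:56:11,003 | ERROR | Caught an exception sending to DLQ: Message ID:HOST-A-1539-1111111111111-0:1:1:1:2 dropped=false locked=false | SampleLogger
java.io.IOException: constructed non-security cause
2009-11-25 17:56:12,500 | WARN  | constructed event unrelated to the DLQ | SampleLogger
java.lang.SecurityException: User is not authenticated.
"""

DLQ_RE = re.compile(r"Caught an exception sending to DLQ: Message (ID:\S+)")
EXC_RE = re.compile(r"^([\w.$]+(?:Exception|Error)): (.*)$")


def dlq_failures(lines):
    """Yield (message_id, exception_class, detail) for each failed DLQ send.

    exception_class and detail are None when no exception line follows.
    """
    pending = None  # message id still waiting for its exception line
    for raw in lines:
        line = raw.rstrip("\n")
        hit = DLQ_RE.search(line)
        if hit:
            if pending:
                yield (pending, None, None)
            pending = hit.group(1)
            continue
        exc = EXC_RE.match(line)
        if pending and exc:
            yield (pending, exc.group(1), exc.group(2))
            pending = None
        elif pending and not line.lstrip().startswith("at "):
            # A new, unrelated record started before any exception line.
            yield (pending, None, None)
            pending = None
    if pending:
        yield (pending, None, None)


def auth_related(failures):
    """Message IDs whose DLQ move failed with a SecurityException."""
    return [mid for mid, exc, _ in failures
            if exc == "java.lang.SecurityException"]
```

      Each ID returned by `auth_related` is an expired message the broker could not move to the DLQ for the reason this issue describes; other causes stay in the full `dlq_failures` output.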

        Activity

        Concombre Masqué created issue -
        Concombre Masqué made changes -
        Field Original Value New Value
        Attachment activemq.log [ 18688 ]
        Attachment activemq_configuration.zip [ 18689 ]
        Attachment jmsproducer_sample.zip [ 18690 ]
        Gary Tully made changes -
        Assignee Gary Tully [ gtully ]
        Gary Tully made changes -
        Resolution Fixed [ 1 ]
        Fix Version/s 5.3.1 [ 12183 ]
        Fix Version/s 5.4.0 [ 12110 ]
        Status Open [ 1 ] Resolved [ 5 ]
        Jeff Turner made changes -
        Project Import Fri Nov 26 22:32:02 EST 2010 [ 1290828722158 ]

          People

          • Assignee:
            Gary Tully
            Reporter:
            Concombre Masqué
          • Votes:
            0
            Watchers:
            2