ActiveMQ / AMQ-3598

Unprivileged users can receive messages from a protected topic when using wildcards in destination

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.5.0, 5.5.1
    • Fix Version/s: 5.12.0
    • Component/s: Broker
    • Environment:

      OS: Mac OS X 10.6.8
      JRE/JDK: 1.6.0_29
      ActiveMQ: 5.5.0

      Description

      A consumer can receive messages from protected queues/topics if he uses a Destination which contains a wildcard as described here:

      Destination queue = new ActiveMQQueue("messages.>");
      Destination topic = new ActiveMQTopic(">");
      

      We are using the default authentication/authorization system as described in Security Authentication/Authorization with the following configuration:

      broker.xml
      <plugins>
          <simpleAuthenticationPlugin>
              <users>
                  <authenticationUser
                        username="admin"
                        password="admin"
                        groups="admins"/>
                  <authenticationUser
                        username="user"
                        password="user"
                        groups="users"/>
              </users>
          </simpleAuthenticationPlugin>
          <authorizationPlugin>
              <map>
                  <authorizationMap>
                      <authorizationEntries>
                          <authorizationEntry topic="messages.>"
                                              read="admins"
                                              write="admins"
                                              admin="admins"/>
                          <authorizationEntry topic="messages.cat2"
                                              read="admins"
                                              write="admins"
                                              admin="admins"/>
                          <authorizationEntry topic="messages.cat1"
                                              read="admins, users"
                                              write="admins, users"
                                              admin="admins, users"/>
                          <authorizationEntry topic="ActiveMQ.Advisory.>"
                                              read="admins, users"
                                              write="admins, users"
                                              admin="admins, users"/>
                      </authorizationEntries>
                  </authorizationMap>
              </map>
          </authorizationPlugin>
      </plugins>
      

      As expected, clients connecting as "user" to the topic "messages.cat2" get an exception ("User user is not authorized to read from: topic://messages.cat2"). Surprisingly, "user" can receive messages from topic "messages.cat2" if he creates a consumer with the destination "messages.>":

      consumer.java
      import javax.jms.*;
      import org.apache.activemq.ActiveMQConnectionFactory;
      import org.apache.activemq.command.ActiveMQTopic;

      // Wildcard subscription as the unprivileged "user": the broker accepts it,
      // although the same user is denied a consumer on "messages.cat2" directly.
      // BROKER_URL, TIMEOUT and closure are defined in the attached test project.
      final Destination destination = new ActiveMQTopic("messages.>");
      final Connection conn = new ActiveMQConnectionFactory("user", "user", BROKER_URL).createConnection();
      final Session session = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
      final MessageConsumer consumer = session.createConsumer(destination);
      conn.start();
      closure.run(); // test helper from the attached project (not shown here)
      final Message message = consumer.receive(TIMEOUT);
      session.close();
      conn.close();
      

      IMHO this behaviour is a security problem as an unprivileged user can receive messages from a protected topic or queue!
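The failure mode in the report, modelled as an added example (this is not ActiveMQ's code and makes no claim about the broker's internals). It implements ActiveMQ's documented destination wildcard syntax ('*' matches one '.'-separated segment, '>' matches one or more trailing segments), loads the read ACLs from the broker.xml above, and compares two ways of authorizing a subscription: a lenient check that pools the ACLs of every entry the subscription pattern overlaps, which reproduces exactly what the reporter observed ("user" denied on messages.cat2 but accepted on messages.>), and a strict check that requires read permission on everything the wildcard can deliver from. The `overlaps` test and the use of configured entry patterns as representatives of the destinations a wildcard covers are simplifications of this model, not ActiveMQ behaviour.

```python
# Added model of the authorization failure described in AMQ-3598. Not ActiveMQ
# code: it models the wildcard syntax ('*' = one '.'-separated segment,
# '>' = one or more trailing segments) and compares a check that pools the ACLs
# of every entry a wildcard subscription overlaps (reproducing the reported
# behaviour) with one that requires read on everything the subscription covers.
from typing import Dict, List, Set

# Read ACLs from the broker.xml in the report: entry pattern -> groups with read.
READ_ACLS: Dict[str, Set[str]] = {
    "messages.>": {"admins"},
    "messages.cat2": {"admins"},
    "messages.cat1": {"admins", "users"},
    "ActiveMQ.Advisory.>": {"admins", "users"},
}

# User -> groups, from the simpleAuthenticationPlugin in the report.
GROUPS: Dict[str, Set[str]] = {"admin": {"admins"}, "user": {"users"}}


def has_wildcard(name: str) -> bool:
    return any(seg in ("*", ">") for seg in name.split("."))


def matches(pattern: str, dest: str) -> bool:
    """True if an entry/subscription pattern covers a destination name.
    Wildcard characters inside `dest` are treated as literal segments."""
    p: List[str] = pattern.split(".")
    d: List[str] = dest.split(".")
    for i, seg in enumerate(p):
        if seg == ">":
            return len(d) > i          # '>' needs at least one more segment
        if i >= len(d):
            return False
        if seg != "*" and seg != d[i]:
            return False
    return len(p) == len(d)


def overlaps(a: str, b: str) -> bool:
    """Approximation (modelling shortcut) of 'a and b can name a common destination'."""
    return matches(a, b) or matches(b, a)


def read_acl_for(destination: str) -> Set[str]:
    """Pool the read ACLs of every entry matching one destination name. With the
    report's config: messages.cat1 -> {admins, users}, messages.cat2 -> {admins}."""
    acl: Set[str] = set()
    for pattern, groups in READ_ACLS.items():
        if matches(pattern, destination):
            acl |= groups
    return acl


def can_read(user: str, destination: str) -> bool:
    """Authorize a consumer on a concrete destination: any matching entry that
    lists one of the user's groups is enough."""
    return bool(GROUPS[user] & read_acl_for(destination))


def lenient_subscription_allowed(user: str, subscription: str) -> bool:
    """Models the observed behaviour: the subscription pattern is authorized as if
    it were a single destination, pooling the ACLs of every entry it overlaps.
    messages.cat1 grants 'users', so 'user' on 'messages.>' passes, although that
    subscription also receives messages.cat2 traffic."""
    pooled: Set[str] = set()
    for pattern, groups in READ_ACLS.items():
        if overlaps(pattern, subscription):
            pooled |= groups
    return bool(GROUPS[user] & pooled)


def strict_subscription_allowed(user: str, subscription: str) -> bool:
    """The check a wildcard subscription needs: read permission on every destination
    it can deliver from. A concrete name is checked directly. For a wildcard, the
    configured entry patterns that overlap it stand in for the (unbounded) set of
    names it covers, and each is authorized like a concrete consumer would be."""
    if not has_wildcard(subscription):
        return can_read(user, subscription)
    representatives = [p for p in READ_ACLS if overlaps(p, subscription)]
    return bool(representatives) and all(can_read(user, r) for r in representatives)


if __name__ == "__main__":
    for sub in ("messages.cat2", "messages.>", ">"):
        print(f"user on {sub!r}: lenient={lenient_subscription_allowed('user', sub)}"
              f" strict={strict_subscription_allowed('user', sub)}")
```

Running the block prints the three cases side by side: the lenient check denies "user" on messages.cat2 but accepts messages.> and >, while the strict check denies all three. The point a practitioner should take from the model is that a wildcard consumer must be authorized against every destination it can match, not against the pooled permissions of the entries its pattern happens to touch.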

    Attachments

    1. AMQ-3598.patch, 16 kB, Torsten Mielke
    2. ActiveMQAuthorizationBug.zip, 7 kB, Thorsten Panitz


    People

    • Assignee: Unassigned
    • Reporter: Thorsten Panitz (panitz)
    • Votes: 1
    • Watchers: 5
