Uploaded image for project: 'ActiveMQ'
  1. ActiveMQ
  2. AMQ-7307

Using MessageAuthorizationPolicy gets into infinite retry loop

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 5.15.10
    • Fix Version/s: None
    • Component/s: Pool
    • Labels:
      None
    • Environment:

      Locally with docker compose, but it should not be related to env.

      Description

      We are trying to do authorization on message by message basis by validating an OIDC JWT token attached as property to each message. The way that I found so far (but please let us know for alternatives) is to implement MessageAuthorizationPolicy and return true if message to be accepted from security standpoint.

      The problem we face is that those rejected messages are retried. But the token is the same, and the answer will continue to be negative. Is there a way to disable retries, but only for those rejected by MessageAuthorizationPolicy ?

      Thank you.

      PS. I am not sure if it is a bug, we are just trying to solve our problem.

      We use shared storage with EFS, kahadb.

      The message delivery appears to happen on a Queue.

      What I know is that we use topics and virtual topics related to each individual consumer (microservice) and those virtual topics do function as queues. This is my limited understanding so far at least, I had experience with Apache Kafka before but not with JMS providers. Thanks

       

      Update

      I have found that implementing BrokerFilter.send would provide the message level opportunity to let a message through or not, however I have one question:

      In the BrokerFilter.send method, is there a way to signal somehow to the producer that it was rejected for security reasons? By throwing a custom Exception from send? Is the exception returned over the wire to the producer?
      Thank you,
      Nicu

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              Marasoiu Nicolae
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: