Uploaded image for project: 'ActiveMQ Artemis'
  1. ActiveMQ Artemis
  2. ARTEMIS-2344

[AMQP] Broker does not send security errors for unauthorized anonymous sasl

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.8.0, 2.8.1
    • 2.9.0
    • AMQP
    • None

    Description

      When user attempts unauthorized anonymous sasl, using AMQP protocol, the broker can return an internal error ("amqp:internal-error") instead of the security error ("amqp:unauthorized-access") that is expected in these cases.

       

      Source code to reproduce the issue using test testNoUserOrPasswordWithoutSaslRestrictions:

      https://github.com/brusdev/activemq-artemis/blob/amqp_security_error/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/JMSConnectionWithSecurityTest.java

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. ARTEMIS-2431 [AMQP] Broker does not send security errors for unauthorized anonymous sasl with pipelined open

          • Major - Major loss of function.
          • Closed
          links to

          Web Link GitHub Pull Request #2671

          Web Link GitHub Pull Request #2671

          Activity

            People

              Unassigned Unassigned
              brusdev Domenico Francesco Bruscino
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 10m
                  10m