Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
Description
When performing concurrent user admin actions (e.g. resetUser, addUser, removeUser on ActiveMQServerControl) when using the PropertiesLoginModule with reload=true the underlying user and role properties files can get corrupted.
Run this script:
#!/bin/bash for i in {1..5} do # remove myuser curl -k --user admin:admin -H "Origin: http://localhost:8161" "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/removeUser(java.lang.String)/myuser" & # create user 'myuser' with password 'mypassword' curl -k --user admin:admin -H "Origin: http://localhost:8161" "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/addUser(java.lang.String,java.lang.String,java.lang.String,boolean)/myuser/mypassword//false" & # add role 'myrole' to 'myuser' curl -k --user admin:admin -H "Origin: http://localhost:8161" "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/resetUser(java.lang.String,java.lang.String,java.lang.String)/myuser/mypassword/myrole" & # perform read operation as admin user, just to see if we can connect curl -k --user admin:admin -H "Origin: http://localhost:8161" "http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22/listNetworkTopology()" & done
Sometimes the following logs will be encountered in the broker (note that the test does not remove/add admin):
2020-09-01 14:35:28,398 WARN [io.hawt.system.Authenticator] Login failed due to: User does not exist: admin
The script may need to be run multiple times to trigger the WARN.
Examination, in this case, of artemis-roles.properties shows:
$ cat etc/artemis-roles.properties | grep -v '#'
amq = admin
= myuser
Multiple variations of the corruption may occur.
Attachments
Issue Links
- relates to
-
ARTEMIS-3010 Document user management changes in 2.16.0
-
- Closed
-
- links to
