  1. ActiveMQ Artemis
  2. ARTEMIS-3656

Client session limit is evaluated incorrectly for ssl connections


Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Duplicate
    • 2.17.0
    • None
    • None
    • None

    Description

      Client session limit is evaluated incorrectly for SSL connections.

      For authentication, the org.apache.activemq.artemis.spi.core.security.jaas.TextFileCertificateLoginModule module is used (clients do not specify a user and password to create connections).

      In this case, the user can enter any other user, and the connection count check will be performed for the specified user (so validatedUser must be used).

      The problem is in the org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl#getSessionCountForUser method. The check is not based on validatedUser but on user (which users do not enter). As a result we get a NullPointerException in the code below.

      private int getSessionCountForUser(String username) {
         int sessionCount = 0;
         for (Entry<String, ServerSession> sessionEntry : sessions.entrySet()) {
            if (sessionEntry.getValue().getUsername().equals(username)) { // change to sessionEntry.getValue().getValidatedUser()....
               sessionCount++;
            }
         }
         return sessionCount;
      }

      Files in etc folder:

      1) login.config:

      CertLogin {
          org.apache.activemq.artemis.spi.core.security.jaas.TextFileCertificateLoginModule requisite
              debug=false
              reload=true
              org.apache.activemq.jaas.textfiledn.user="cert-users.properties"
              org.apache.activemq.jaas.textfiledn.role="cert-roles.properties";
      };

      2) broker.xml:

          <resource-limit-settings>
            <resource-limit-setting match="user1">
              <max-connections>5</max-connections>
            </resource-limit-setting>
          </resource-limit-settings>
      
          <acceptors>
            <acceptor name="artemis">tcp://0.0.0.0:60001?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;amqpMinLargeMessageSize=102400;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpDuplicateDetection=true;sslEnabled=true;keyStorePath=/app/artemis/ssl/artemis_server_gw.jks;trustStorePath=/app/artemis/ssl/artemis_server_gw.jks;keyStorePassword=secret;trustStorePassword=secret;enabledCipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA256;enabledProtocols=TLSv1.2;needClientAuth=true</acceptor>
          </acceptors>
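
The counting problem described in the report, as an added example that is not part of the original issue or the Artemis code base. The `Session` record is a hypothetical stand-in for `ServerSession`, and the sample sessions are constructed; it assumes that with certificate login the client-supplied username can be null or arbitrary while the validated user is the one resolved by the login module.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Objects;

public class SessionLimitDemo {
    // Hypothetical stand-in for ServerSession: username is what the client sent
    // (null with certificate login), validatedUser is what the login module resolved.
    record Session(String username, String validatedUser) {}

    // Same comparison as the method in the report: keyed on the client-supplied name.
    static int countByUsername(Map<String, Session> sessions, String username) {
        int count = 0;
        for (Session s : sessions.values()) {
            if (s.username().equals(username)) { // NPE when username is null
                count++;
            }
        }
        return count;
    }

    // Keyed on the authenticated identity; Objects.equals tolerates nulls.
    static int countByValidatedUser(Map<String, Session> sessions, String validatedUser) {
        int count = 0;
        for (Session s : sessions.values()) {
            if (Objects.equals(s.validatedUser(), validatedUser)) {
                count++;
            }
        }
        return count;
    }

    public static void main(String[] args) {
        // Constructed sample: three sessions authenticated by certificate as user1.
        Map<String, Session> sessions = new LinkedHashMap<>();
        sessions.put("s1", new Session(null, "user1"));     // no username sent
        sessions.put("s2", new Session("user2", "user1"));  // arbitrary username sent
        sessions.put("s3", new Session("user1", "user1"));

        System.out.println("by validatedUser: " + countByValidatedUser(sessions, "user1"));
        try {
            System.out.println("by username: " + countByUsername(sessions, "user1"));
        } catch (NullPointerException e) {
            System.out.println("by username: NullPointerException on the session with no username");
        }
        // Without the null-username session, the username count misses s2.
        sessions.remove("s1");
        System.out.println("by username, s1 removed: " + countByUsername(sessions, "user1"));
    }
}
```

Counting by the validated user sees all three sessions against the `max-connections` limit for `user1`, while counting by the supplied username either throws or undercounts.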

            People

              Unassigned
              Luchkin Alexander