Uploaded image for project: 'ActiveMQ Artemis'
  1. ActiveMQ Artemis
  2. ARTEMIS-4137

MQTT subscription queue clean-up can fail due to security

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 2.28.0
    • None
    • None

    Description

      When an MQTT subscriber disconnects the automated queue clean-up can fail if the subscriber didn't have authorization to delete the queue, e.g.:

      ERROR [org.apache.activemq.artemis.core.protocol.mqtt] AMQ834000: Error removing subscription.
org.apache.activemq.artemis.api.core.ActiveMQSecurityException: AMQ229213: User: noDelete does not have permission='DELETE_DURABLE_QUEUE' for queue foo on address foo
	at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.check(SecurityStoreImpl.java:307) ~[classes/:?]
	at org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.destroyQueue(ActiveMQServerImpl.java:2448) ~[classes/:?]
	at org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.destroyQueue(ActiveMQServerImpl.java:2421) ~[classes/:?]
	at org.apache.activemq.artemis.core.server.impl.ServerSessionImpl.deleteQueue(ServerSessionImpl.java:1186) ~[classes/:?]
	at org.apache.activemq.artemis.core.protocol.mqtt.MQTTSubscriptionManager.removeSubscription(MQTTSubscriptionManager.java:297) ~[classes/:?]
	at org.apache.activemq.artemis.core.protocol.mqtt.MQTTSubscriptionManager.clean(MQTTSubscriptionManager.java:376) ~[classes/:?]
	at org.apache.activemq.artemis.core.protocol.mqtt.MQTTSession.clean(MQTTSession.java:226) ~[classes/:?]
	at org.apache.activemq.artemis.core.protocol.mqtt.MQTTSession.stop(MQTTSession.java:135) ~[classes/:?]
	at org.apache.activemq.artemis.core.protocol.mqtt.MQTTConnectionManager.disconnect(MQTTConnectionManager.java:185) ~[classes/:?]
	at org.apache.activemq.artemis.core.protocol.mqtt.MQTTProtocolHandler.disconnect(MQTTProtocolHandler.java:278) ~[classes/:?]
	at org.apache.activemq.artemis.core.protocol.mqtt.MQTTProtocolHandler.act(MQTTProtocolHandler.java:182) ~[classes/:?]
	at org.apache.activemq.artemis.utils.actors.Actor.doTask(Actor.java:32) ~[classes/:?]
	at org.apache.activemq.artemis.utils.actors.ProcessorBase.executePendingTasks(ProcessorBase.java:68) ~[classes/:?]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[?:?]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[?:?]
	at org.apache.activemq.artemis.utils.ActiveMQThreadFactory$1.run(ActiveMQThreadFactory.java:118) ~[classes/:?]

      This can lead to unwanted message accumulation and impact broker performance. The broker should delete the queue without regard to security authorization in this case.

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #4340

          Activity

            People

              jbertram Justin Bertram
              jbertram Justin Bertram
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 50m
                  50m