Uploaded image for project: 'JBoss A-MQ'
  1. JBoss A-MQ
  2. ENTMQ-681

unauthorised read operation is only logged in the broker as DEBUG log level

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Minor
    • JBoss A-MQ 6.2
    • JBoss A-MQ 6.1
    • broker
    • None

    Description

      in AMQ 6.1 when a user is not authorised for a read operation the broker only logs this as debug by the org.apache.activemq.broker.TransportConnection.Service class.

      2014-06-04 14:17:45,635 | DEBUG | Error occured while processing sync command: ConsumerInfo {commandId = 4, responseRequired = true, consumerId = ID:sideshow.home-53898-1401884265406-1:1:1:1, destination = queue://Sabre_q1, prefetchSize = 1000, maximumPendingMessageLimit = 0, browser = false, dispatchAsync = true, selector = null, clientId = ID:sideshow.home-53898-1401884265406-0:1, subscriptionName = null, noLocal = false, exclusive = false, retroactive = false, priority = 0, brokerPath = null, optimizedAcknowledge = false, noRangeAcks = false, additionalPredicate = null}, exception: java.lang.SecurityException: User admin is not authorized to read from: queue://Sabre_q1 | org.apache.activemq.broker.TransportConnection.Service | ActiveMQ Transport: tcp:///192.168.1.105:53899@61616
java.lang.SecurityException: User admin is not authorized to read from: queue://Sabre_q1
	at org.apache.activemq.security.AuthorizationBroker.addConsumer(AuthorizationBroker.java:138)
	at org.apache.activemq.broker.MutableBrokerFilter.addConsumer(MutableBrokerFilter.java:102)
	at org.apache.activemq.broker.TransportConnection.processAddConsumer(TransportConnection.java:618)
	at org.apache.activemq.command.ConsumerInfo.visit(ConsumerInfo.java:349)
	at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:294)
	at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:148)
	at org.apache.activemq.transport.MutexTransport.onCommand(MutexTransport.java:50)
	at org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:113)
	at org.apache.activemq.transport.AbstractInactivityMonitor.onCommand(AbstractInactivityMonitor.java:270)
	at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)
	at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:214)
	at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:196)
	at java.lang.Thread.run(Thread.java:695)

      It would be good to get some warning message logged on broker to indicate unauthorised read attempted.

      Attachments

        Activity

          People

            tbish@redhat.com Timothy Bish (Inactive)
            rhn-support-pfox Patrick Fox (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: