Uploaded image for project: 'AMQ Broker'
  1. AMQ Broker
  2. ENTMQBR-554

[Openwire] sender client is not notified about missing send permission

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • A-MQ 7.0.0.ER17
    • A-MQ 7.0.0.ER16
    • None
    • Compatibility/Configuration, User Experience
    • Hide

      1) Set up a broker.xml & artemis-

      {roles,users}

      .xml to add a user which is not in part of group which has SEND permissions.

      2) Create a queue (with proper perms)
      3) Send a message to this queue with a user missing SEND perms

      Openwire client fails
[0,root@mt_r6x0 ~]$ java  -jar /var/dtests/node_data/clients/aoc7.jar sender  --log-msgs dict --broker tcp://localhost:61616 --conn-username nobody --conn-password nobody --address "test_default_username_right_password_right" --count 1
{'redelivered': False, 'reply_to': None, 'id': 'dhcp-lab-215.englab.brq.redhat.com-44242-1487853842042-1:1:1:1:1', 'user_id':None, 'correlation_id': None, 'priority': 4, 'durable': True, 'ttl': 0, 'type': None, 'expiration': 0, 'timestamp': 1487853842577, 'address': 'queue://test_default_username_right_password_right', 'properties': {}, 'content': None}
[0,root@mt_r6x0 ~]$

AMQP works as expected
[0,root@mt_r6x0 ~]$ java  -jar /var/dtests/node_data/clients/aac1.jar sender  --log-msgs dict --broker localhost:5672 --conn-username nobody --conn-password nobody --address "test_default_username_right_password_right" --count 1
13:45:51,196 ERROR Error while sending a message!
javax.jms.JMSException: AMQ119032: User: nobody does not have permission='SEND' on address test_default_username_right_password_right [condition = failed]
	at org.apache.qpid.jms.provider.amqp.AmqpSupport.convertToException(AmqpSupport.java:157)
	at org.apache.qpid.jms.provider.amqp.AmqpSupport.convertToException(AmqpSupport.java:112)
	at org.apache.qpid.jms.provider.amqp.AmqpFixedProducer.processDeliveryUpdates(AmqpFixedProducer.java:240)
	at org.apache.qpid.jms.provider.amqp.AmqpProvider.processUpdates(AmqpProvider.java:898)
	at org.apache.qpid.jms.provider.amqp.AmqpProvider.access$1800(AmqpProvider.java:93)
	at org.apache.qpid.jms.provider.amqp.AmqpProvider$18.run(AmqpProvider.java:784)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
      Show
      1) Set up a broker.xml & artemis- {roles,users} .xml to add a user which is not in part of group which has SEND permissions. 2) Create a queue (with proper perms) 3) Send a message to this queue with a user missing SEND perms Openwire client fails [0,root@mt_r6x0 ~]$ java -jar /var/dtests/node_data/clients/aoc7.jar sender --log-msgs dict --broker tcp://localhost:61616 --conn-username nobody --conn-password nobody --address "test_default_username_right_password_right" --count 1 {'redelivered': False, 'reply_to': None, 'id': 'dhcp-lab-215.englab.brq.redhat.com-44242-1487853842042-1:1:1:1:1', 'user_id':None, 'correlation_id': None, 'priority': 4, 'durable': True, 'ttl': 0, 'type': None, 'expiration': 0, 'timestamp': 1487853842577, 'address': 'queue://test_default_username_right_password_right', 'properties': {}, 'content': None} [0,root@mt_r6x0 ~]$ AMQP works as expected [0,root@mt_r6x0 ~]$ java -jar /var/dtests/node_data/clients/aac1.jar sender --log-msgs dict --broker localhost:5672 --conn-username nobody --conn-password nobody --address "test_default_username_right_password_right" --count 1 13:45:51,196 ERROR Error while sending a message! javax.jms.JMSException: AMQ119032: User: nobody does not have permission='SEND' on address test_default_username_right_password_right [condition = failed] at org.apache.qpid.jms.provider.amqp.AmqpSupport.convertToException(AmqpSupport.java:157) at org.apache.qpid.jms.provider.amqp.AmqpSupport.convertToException(AmqpSupport.java:112) at org.apache.qpid.jms.provider.amqp.AmqpFixedProducer.processDeliveryUpdates(AmqpFixedProducer.java:240) at org.apache.qpid.jms.provider.amqp.AmqpProvider.processUpdates(AmqpProvider.java:898) at org.apache.qpid.jms.provider.amqp.AmqpProvider.access$1800(AmqpProvider.java:93) at org.apache.qpid.jms.provider.amqp.AmqpProvider$18.run(AmqpProvider.java:784) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745)

      When sending a message with user without SEND permission to the broker over Openwire, the client is not notified about missing permission and message is "successfully send" according to the client. Although the message is internally refused by the broker.

      Subsequently using receiver (amqp/openwire) there seems to be no message in the queue.

      Worth to note, that it worked with ER15 and previous releases

        1. ENTMQBR-554_debug.logs
          45 kB
        2. ENTMQBR-554_er15-16_diff.logs
          17 kB

            gaohoward Howard Gao
            mtoth@redhat.com Michal Toth
            Michal Toth Michal Toth
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: