diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java
index eefb0c2c8f..5057d362e1 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java
@@ -1996,7 +1996,11 @@ public class ServerSessionImpl implements ServerSession, FailureListener {
 @Override
 public String getValidatedUser() {
- return validatedUser;
+ /*
+ * Security is often disabled in tests so if the validated user is null
+ * then just return the username supplied directly from the client.
+ */
+ return validatedUser != null ? validatedUser : username;
 }
 @Override
diff --git a/docs/user-manual/en/versions.md b/docs/user-manual/en/versions.md
index 63e18252b8..69a5dbd4e3 100644
--- a/docs/user-manual/en/versions.md
+++ b/docs/user-manual/en/versions.md
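Review bot: In `ServerSessionImpl.getValidatedUser()` the new fallback `validatedUser != null ? validatedUser : username` returns the client-supplied name whenever no validated identity exists, so callers of this getter can no longer tell an authenticated identity from an unauthenticated claim. The block comment justifies this by security being disabled in tests, but the condition tests null-ness, not the security setting. Whether `validatedUser` can be null while security is enabled is not visible in this hunk; if it can, an unverified name would flow into whatever records or checks the validated user, which per the accompanying release note includes the username assigned to queues. I would tie the fallback to security actually being disabled rather than to a null value, and state the contract in Javadoc on the method, e.g. `@return the authenticated user, or the unverified client-supplied username when no validated user is set; do not use the latter for authorization or audit attribution`.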
@@ -16,12 +16,26 @@ Highlights:
 #### Upgrading from older versions
-Due to [ARTEMIS-3851](https://issues.apache.org/jira/browse/ARTEMIS-3851) the queue
-created for an MQTT 3.x subscriber using `CleanSession=1` is now **non-durable**
-rather than durable. This may impact `security-settings` for MQTT clients which
-previously only had `createDurableQueue` for their role. They will now need
-`createNonDurableQueue` as well. Again, this only has potential impact for MQTT 3.x
-clients using `CleanSession=1`.
+ 1. Due to [ARTEMIS-3851](https://issues.apache.org/jira/browse/ARTEMIS-3851)
+ the queue created for an MQTT 3.x subscriber using `CleanSession=1` is now
+ **non-durable** rather than durable. This may impact `security-settings`
+ for MQTT clients which previously only had `createDurableQueue` for their
+ role. They will now need `createNonDurableQueue` as well. Again, this only
+ has potential impact for MQTT 3.x clients using `CleanSession=1`.
+ 2. Due to [ARTEMIS-3892](https://issues.apache.org/jira/browse/ARTEMIS-3892)
+ the username assigned to queues will be based on the **validated** user
+ rather than just the username submitted by the client application. This
+ will impact use-cases like the following:
+ 1. When `login.config` is configured with the [`GuestLoginModule`](security.md#guestloginmodule)
+ which causes some users to be assigned a specific username and role
+ during the authentication process.
+ 2. When `login.config` is configured with the [`CertificateLoginModule`](security.md#certificateloginmodule)
+ which causes users to be assigned a username and role corresponding to
+ the subject DN from their SSL certificate.
+
+ In these kinds of situations the broker will use this assigned (i.e.
+ validated) username for any queues created with the connection. In the past
+ the queue's username would have been left blank.
 ## 2.23.1
 [Full release notes](https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12351846&projectId=12315920)
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlTest.java
index f274e2aa77..592aa5fb2a 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlTest.java
@@ -2929,7 +2929,7 @@ public class ActiveMQServerControlTest extends ManagementTestBase {
 Assert.assertNotEquals("consumerCount", "", array.getJsonObject(0).getString("consumerCount"));
 Assert.assertEquals("maxConsumers", "-1", array.getJsonObject(0).getString("maxConsumers"));
 Assert.assertEquals("autoCreated", "false", array.getJsonObject(0).getString("autoCreated"));
- Assert.assertEquals("user", "", array.getJsonObject(0).getString("user"));
+ Assert.assertEquals("user", "guest", array.getJsonObject(0).getString("user"));
 Assert.assertNotEquals("routingType", "", array.getJsonObject(0).getString("routingType"));
 Assert.assertEquals("messagesAdded", "0", array.getJsonObject(0).getString("messagesAdded"));
 Assert.assertEquals("messageCount", "0", array.getJsonObject(0).getString("messageCount"));
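Review bot: The updated `user` assertion expects `"guest"`, but nothing in the hunk says whether that value is an identity assigned during authentication or the client-supplied fallback this commit adds to `getValidatedUser()`, and the two have different trust properties. A short comment above the assertion would make the intent reviewable, e.g. `// queue user is now reported from the session's validated user (ARTEMIS-3892); here it is the name the test client connects with`, adjusted to whichever path this test actually exercises. No test visible in this diff covers the case the release note describes, where a login module assigns a name different from the one the client sends; an assertion that the assigned name wins there would pin the security-relevant branch. The enclosing test method starts and ends outside the hunk.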