ARTEMIS-2344 return security errors for unauthorized anonymous sasl

When a user attempts an unauthorized anonymous SASL connection, the broker
can return an error of 'failed' instead of the security error that is
expected in these cases.
brusdev 2019-05-16 15:14:07 +02:00 committed by Clebert Suconic
parent 1d0b5c3507
commit e533bf876e
3 changed files with 33 additions and 0 deletions


@ -21,6 +21,7 @@ import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.activemq.artemis.api.core.ActiveMQSecurityException;
import org.apache.activemq.artemis.core.server.ServerProducer;
import org.apache.activemq.artemis.core.server.impl.ServerProducerImpl;
import org.apache.activemq.artemis.protocol.amqp.broker.AMQPSessionCallback;
@ -69,6 +70,8 @@ public class AMQPSessionContext extends ProtonInitializable {
if (sessionSPI != null) {
try {
sessionSPI.init(this, connection.getSASLResult());
} catch (ActiveMQSecurityException e) {
throw e;
} catch (Exception e) {
throw new ActiveMQAMQPInternalErrorException(e.getMessage(), e);
}
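Review bot: The added `catch (ActiveMQSecurityException e) { throw e; }` reads like a no-op unless the reader notices that it exists only to keep security failures out of the generic `catch (Exception e)` below, which would rewrap them as ActiveMQAMQPInternalErrorException. I would put `// Rethrow unchanged: a security failure must not be reported to the peer as an internal error` above the `throw e;`. The exemption covers only exceptions of that type; if `sessionSPI.init` can surface an authorization failure as the cause of some other exception, it would still be reported as an internal error, which is worth confirming. The enclosing method starts and ends outside the hunk.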


@ -27,6 +27,7 @@ import java.util.concurrent.TimeUnit;
import io.netty.buffer.ByteBuf;
import io.netty.buffer.PooledByteBufAllocator;
import io.netty.channel.EventLoop;
import org.apache.activemq.artemis.api.core.ActiveMQSecurityException;
import org.apache.activemq.artemis.protocol.amqp.proton.AMQPConnectionContext;
import org.apache.activemq.artemis.protocol.amqp.proton.ProtonInitializable;
import org.apache.activemq.artemis.protocol.amqp.sasl.ClientSASL;
@ -482,6 +483,13 @@ public class ProtonHandler extends ProtonInitializable implements SaslListener {
}
try {
Events.dispatch(ev, h);
} catch (ActiveMQSecurityException e) {
log.warn(e.getMessage(), e);
ErrorCondition error = new ErrorCondition();
error.setCondition(AmqpError.UNAUTHORIZED_ACCESS);
error.setDescription(e.getMessage() == null ? e.getClass().getSimpleName() : e.getMessage());
connection.setCondition(error);
connection.close();
} catch (Exception e) {
log.warn(e.getMessage(), e);
ErrorCondition error = new ErrorCondition();
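Review bot: The new `catch (ActiveMQSecurityException e)` branch copies `e.getMessage()` into the ErrorCondition description, so the broker's own wording of the security failure is sent to a peer that has just been refused. If those messages can contain broker-side detail such as user names, addresses or role names, a fixed description like `error.setDescription("unauthorized");` with the full message kept in the log would avoid exposing it; the `AmqpError.UNAUTHORIZED_ACCESS` condition is presumably what the client keys on. The same branch logs at WARN with a full stack trace via `log.warn(e.getMessage(), e)`, which a remote client can trigger on every connection attempt; `log.warn(e.getMessage());` with the trace at debug level would keep the log readable under repeated failures. The surrounding try and the generic catch continue outside the hunk.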


@ -27,8 +27,11 @@ import javax.jms.Session;
import javax.jms.TextMessage;
import org.apache.activemq.artemis.tests.integration.IntegrationTestLogger;
import org.apache.qpid.jms.JmsConnectionFactory;
import org.junit.Test;
import java.net.URI;
public class JMSConnectionWithSecurityTest extends JMSClientTestSupport {
@Override
@ -57,6 +60,25 @@ public class JMSConnectionWithSecurityTest extends JMSClientTestSupport {
}
}
@Test(timeout = 10000)
public void testNoUserOrPasswordWithoutSaslRestrictions() throws Exception {
Connection connection = null;
JmsConnectionFactory factory = new JmsConnectionFactory(new URI("amqp://localhost:" + AMQP_PORT));
try {
connection = factory.createConnection();
connection.start();
fail("Expected Exception");
} catch (JMSSecurityException ex) {
IntegrationTestLogger.LOGGER.debug("Failed to authenticate connection with no user / password.");
} catch (Exception ex) {
fail("Expected JMSSecurityException");
} finally {
if (connection != null) {
connection.close();
}
}
}
@Test(timeout = 10000)
public void testUnknownUser() throws Exception {
Connection connection = null;
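Review bot: The catch-all `catch (Exception ex) { fail("Expected JMSSecurityException"); }` in testNoUserOrPasswordWithoutSaslRestrictions discards the exception that was actually raised, so a regression to the old 'failed' error would be reported with no hint of what the client received. `fail("Expected JMSSecurityException but got: " + ex);` keeps that information in the failure message. The test also passes on any JMSSecurityException, so it does not by itself pin that the unauthorized-access condition reached the client.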