ARTEMIS-3381 AMQP bypasses session when deleting queues
The AMQP implementation bypasses the ServerSession when deleting queues which also bypasses security authorization.
This commit is contained in:
parent
bf875c3a37
commit
ec508d8306
|
@ -642,7 +642,7 @@ public class AMQPSessionCallback implements SessionCallback {
|
|||
}
|
||||
|
||||
public void deleteQueue(SimpleString queueName) throws Exception {
|
||||
manager.getServer().destroyQueue(queueName);
|
||||
serverSession.deleteQueue(queueName);
|
||||
}
|
||||
|
||||
public void resetContext(OperationContext oldContext) {
|
||||
|
|
|
@ -120,7 +120,7 @@ public class SecureConfigurationTest extends ActiveMQTestBase {
|
|||
}
|
||||
|
||||
@Test
|
||||
public void testSecureDurableSubscriber() throws Exception {
|
||||
public void testCreateSecureDurableSubscriber() throws Exception {
|
||||
ConnectionFactory connectionFactory = getConnectionFactory("b", "b");
|
||||
String message = "blah";
|
||||
|
||||
|
@ -136,6 +136,23 @@ public class SecureConfigurationTest extends ActiveMQTestBase {
|
|||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDeleteSecureDurableSubscriber() throws Exception {
|
||||
ConnectionFactory connectionFactory = getConnectionFactory("c", "c");
|
||||
String message = "blah";
|
||||
|
||||
//Expect to be able to create durable queue for subscription
|
||||
String messageRecieved = sendAndReceiveTextUsingTopic(connectionFactory, "clientId", message, "secured_topic_durable", (t, s) -> s.createDurableSubscriber(t, "secured_topic_durable/non-existant-queue"));
|
||||
Assert.assertEquals(message, messageRecieved);
|
||||
|
||||
try {
|
||||
sendAndReceiveTextUsingTopic(connectionFactory, "clientId", message, "secured_topic_durable", (t, s) -> s.createDurableSubscriber(t, "secured_topic_durable/non-existant-queue", "age > 10", false));
|
||||
Assert.fail("Security exception expected, but did not occur, excepetion expected as not permissioned to dynamically delete queue");
|
||||
} catch (JMSSecurityException j) {
|
||||
//Expected exception
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testTemporaryQueue() throws Exception {
|
||||
ConnectionFactory connectionFactory = getConnectionFactory("a", "a");
|
||||
|
|
|
@ -127,11 +127,11 @@ under the License.
|
|||
<security-setting match="secured_topic_durable">
|
||||
<permission type="createNonDurableQueue" roles="a"/>
|
||||
<permission type="deleteNonDurableQueue" roles="a"/>
|
||||
<permission type="createDurableQueue" roles="a"/>
|
||||
<permission type="createDurableQueue" roles="a,c"/>
|
||||
<permission type="deleteDurableQueue" roles="a"/>
|
||||
<permission type="browse" roles="a"/>
|
||||
<permission type="send" roles="a,b"/>
|
||||
<permission type="consume" roles="a,b" />
|
||||
<permission type="send" roles="a,b,c"/>
|
||||
<permission type="consume" roles="a,b,c" />
|
||||
<!-- we need this otherwise ./artemis data imp wouldn't work -->
|
||||
<permission type="manage" roles="a"/>
|
||||
</security-setting>
|
||||
|
|
Loading…
Reference in New Issue