From ec508d8306b8e0db5dcdbf8c26a0f480608d97dc Mon Sep 17 00:00:00 2001 From: Justin Bertram Date: Thu, 8 Jul 2021 20:01:44 -0500 Subject: [PATCH] ARTEMIS-3381 AMQP bypasses session when deleting queues The AMQP implementation bypasses the ServerSession when deleting queues which also bypasses security authorization. --- .../amqp/broker/AMQPSessionCallback.java | 2 +- .../server/SecureConfigurationTest.java | 19 ++++++++++++++++++- .../src/test/resources/multicast_topic.xml | 6 +++--- 3 files changed, 22 insertions(+), 5 deletions(-) diff --git a/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/broker/AMQPSessionCallback.java b/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/broker/AMQPSessionCallback.java index 9be3858f04..82dbec7348 100644 --- a/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/broker/AMQPSessionCallback.java +++ b/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/broker/AMQPSessionCallback.java @@ -642,7 +642,7 @@ public class AMQPSessionCallback implements SessionCallback { } public void deleteQueue(SimpleString queueName) throws Exception { - manager.getServer().destroyQueue(queueName); + serverSession.deleteQueue(queueName); } public void resetContext(OperationContext oldContext) { diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/server/SecureConfigurationTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/server/SecureConfigurationTest.java index 87adf2369d..7d6e8024b4 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/server/SecureConfigurationTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/server/SecureConfigurationTest.java @@ -120,7 +120,7 @@ public class SecureConfigurationTest extends ActiveMQTestBase { } @Test - public void testSecureDurableSubscriber() throws Exception { + public void testCreateSecureDurableSubscriber() throws Exception { ConnectionFactory connectionFactory = getConnectionFactory("b", "b"); String message = "blah"; @@ -136,6 +136,23 @@ public class SecureConfigurationTest extends ActiveMQTestBase { } } + @Test + public void testDeleteSecureDurableSubscriber() throws Exception { + ConnectionFactory connectionFactory = getConnectionFactory("c", "c"); + String message = "blah"; + + //Expect to be able to create durable queue for subscription + String messageRecieved = sendAndReceiveTextUsingTopic(connectionFactory, "clientId", message, "secured_topic_durable", (t, s) -> s.createDurableSubscriber(t, "secured_topic_durable/non-existant-queue")); + Assert.assertEquals(message, messageRecieved); + + try { + sendAndReceiveTextUsingTopic(connectionFactory, "clientId", message, "secured_topic_durable", (t, s) -> s.createDurableSubscriber(t, "secured_topic_durable/non-existant-queue", "age > 10", false)); + Assert.fail("Security exception expected, but did not occur, excepetion expected as not permissioned to dynamically delete queue"); + } catch (JMSSecurityException j) { + //Expected exception + } + } + @Test public void testTemporaryQueue() throws Exception { ConnectionFactory connectionFactory = getConnectionFactory("a", "a"); diff --git a/tests/integration-tests/src/test/resources/multicast_topic.xml b/tests/integration-tests/src/test/resources/multicast_topic.xml index a4891d0790..009b3e8c3e 100644 --- a/tests/integration-tests/src/test/resources/multicast_topic.xml +++ b/tests/integration-tests/src/test/resources/multicast_topic.xml @@ -127,11 +127,11 @@ under the License. - + - - + +