https://issues.apache.org/jira/browse/AMQ-3211 - ensure that a JMSXUserID property set by a client is ignored if an alternative userId mechanism is in place. This ensures that a client cannot spoof this value when the broker is configured to supply if from credentials. The client supplied value is only used as a last resourt

git-svn-id: https://svn.apache.org/repos/asf/activemq/trunk@1080212 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Gary Tully 2011-03-10 13:24:34 +00:00
parent bc715ea63d
commit 3df3302c65
3 changed files with 26 additions and 4 deletions

View File

@ -593,11 +593,14 @@ public class ActiveMQMessage extends Message implements org.apache.activemq.Mess
}
public String getStringProperty(String name) throws JMSException {
Object value = getObjectProperty(name);
if (value == null) {
if (name.equals("JMSXUserID")) {
value = getUserID();
Object value = null;
if (name.equals("JMSXUserID")) {
value = getUserID();
if (value == null) {
value = getObjectProperty(name);
}
} else {
value = getObjectProperty(name);
}
if (value == null) {
return null;

View File

@ -60,4 +60,21 @@ public class JmsTopicSendReceiveWithEmbeddedBrokerAndUserIDTest extends JmsTopic
assertEquals("JMSXUserID header", userName, userID);
}
}
public void testSpoofedJMSXUserIdIsIgnored() throws Exception {
Thread.sleep(1000);
messages.clear();
for (int i = 0; i < data.length; i++) {
Message message = createMessage(i);
configureMessage(message);
message.setStringProperty("JMSXUserID", "spoofedId");
if (verbose) {
LOG.info("About to send a message: " + message + " with text: " + data[i]);
}
sendMessage(i, message);
}
assertMessagesAreReceived();
LOG.info("" + data.length + " messages(s) received, closing down connections");
}
}

View File

@ -66,6 +66,7 @@ public class NestedMapAndListPropertyTest extends JmsTopicSendReceiveWithTwoConn
assertEquals("listField[0]", "a", list.get(0));
assertEquals("listField[1]", "b", list.get(1));
assertEquals("listField[2]", "c", list.get(2));
assertEquals("JohnDoe", message.getStringProperty("JMSXUserID"));
}
protected Message createMessage(int index) throws JMSException {
@ -85,6 +86,7 @@ public class NestedMapAndListPropertyTest extends JmsTopicSendReceiveWithTwoConn
answer.setObjectProperty("mapField", nestedMap);
answer.setObjectProperty("listField", Arrays.asList(new Object[] {"a", "b", "c"}));
answer.setStringProperty("JMSXUserID", "JohnDoe");
return answer;
}