mirror of https://github.com/apache/activemq.git
https://issues.apache.org/jira/browse/AMQ-3211 - ensure that a JMSXUserID property set by a client is ignored if an alternative userId mechanism is in place. This ensures that a client cannot spoof this value when the broker is configured to supply if from credentials. The client supplied value is only used as a last resourt
git-svn-id: https://svn.apache.org/repos/asf/activemq/trunk@1080212 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
bc715ea63d
commit
3df3302c65
|
@ -593,11 +593,14 @@ public class ActiveMQMessage extends Message implements org.apache.activemq.Mess
|
|||
}
|
||||
|
||||
public String getStringProperty(String name) throws JMSException {
|
||||
Object value = getObjectProperty(name);
|
||||
if (value == null) {
|
||||
if (name.equals("JMSXUserID")) {
|
||||
value = getUserID();
|
||||
Object value = null;
|
||||
if (name.equals("JMSXUserID")) {
|
||||
value = getUserID();
|
||||
if (value == null) {
|
||||
value = getObjectProperty(name);
|
||||
}
|
||||
} else {
|
||||
value = getObjectProperty(name);
|
||||
}
|
||||
if (value == null) {
|
||||
return null;
|
||||
|
|
|
@ -60,4 +60,21 @@ public class JmsTopicSendReceiveWithEmbeddedBrokerAndUserIDTest extends JmsTopic
|
|||
assertEquals("JMSXUserID header", userName, userID);
|
||||
}
|
||||
}
|
||||
|
||||
public void testSpoofedJMSXUserIdIsIgnored() throws Exception {
|
||||
Thread.sleep(1000);
|
||||
messages.clear();
|
||||
|
||||
for (int i = 0; i < data.length; i++) {
|
||||
Message message = createMessage(i);
|
||||
configureMessage(message);
|
||||
message.setStringProperty("JMSXUserID", "spoofedId");
|
||||
if (verbose) {
|
||||
LOG.info("About to send a message: " + message + " with text: " + data[i]);
|
||||
}
|
||||
sendMessage(i, message);
|
||||
}
|
||||
assertMessagesAreReceived();
|
||||
LOG.info("" + data.length + " messages(s) received, closing down connections");
|
||||
}
|
||||
}
|
||||
|
|
|
@ -66,6 +66,7 @@ public class NestedMapAndListPropertyTest extends JmsTopicSendReceiveWithTwoConn
|
|||
assertEquals("listField[0]", "a", list.get(0));
|
||||
assertEquals("listField[1]", "b", list.get(1));
|
||||
assertEquals("listField[2]", "c", list.get(2));
|
||||
assertEquals("JohnDoe", message.getStringProperty("JMSXUserID"));
|
||||
}
|
||||
|
||||
protected Message createMessage(int index) throws JMSException {
|
||||
|
@ -85,6 +86,7 @@ public class NestedMapAndListPropertyTest extends JmsTopicSendReceiveWithTwoConn
|
|||
|
||||
answer.setObjectProperty("mapField", nestedMap);
|
||||
answer.setObjectProperty("listField", Arrays.asList(new Object[] {"a", "b", "c"}));
|
||||
answer.setStringProperty("JMSXUserID", "JohnDoe");
|
||||
|
||||
return answer;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue