activemq-commits mailing list archives

From clebertsuco...@apache.org
Subject [activemq-artemis] branch master updated: ARTEMIS-2344 return security errors for unauthorized anonymous sasl
Date Fri, 17 May 2019 19:52:44 GMT
This is an automated email from the ASF dual-hosted git repository.

clebertsuconic pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git


The following commit(s) were added to refs/heads/master by this push:
     new e533bf8  ARTEMIS-2344 return security errors for unauthorized anonymous sasl
     new c9a7bbc  This closes #2671
e533bf8 is described below

commit e533bf876e43059eb5f52ed81117a6012c76addb
Author: brusdev <bruscinodf@gmail.com>
AuthorDate: Thu May 16 15:14:07 2019 +0200

    ARTEMIS-2344 return security errors for unauthorized anonymous sasl
    
    When a user attempts unauthorized anonymous SASL, the broker can return
    an error of 'failed' instead of the security error that is expected in
    these cases.
---
 .../protocol/amqp/proton/AMQPSessionContext.java   |  3 +++
 .../amqp/proton/handler/ProtonHandler.java         |  8 ++++++++
 .../amqp/JMSConnectionWithSecurityTest.java        | 22 ++++++++++++++++++++++
 3 files changed, 33 insertions(+)

diff --git a/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/proton/AMQPSessionContext.java
b/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/proton/AMQPSessionContext.java
index c8bb13e..e57acec 100644
--- a/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/proton/AMQPSessionContext.java
+++ b/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/proton/AMQPSessionContext.java
@@ -21,6 +21,7 @@ import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 
+import org.apache.activemq.artemis.api.core.ActiveMQSecurityException;
 import org.apache.activemq.artemis.core.server.ServerProducer;
 import org.apache.activemq.artemis.core.server.impl.ServerProducerImpl;
 import org.apache.activemq.artemis.protocol.amqp.broker.AMQPSessionCallback;
@@ -69,6 +70,8 @@ public class AMQPSessionContext extends ProtonInitializable {
          if (sessionSPI != null) {
             try {
                sessionSPI.init(this, connection.getSASLResult());
+            } catch (ActiveMQSecurityException e) {
+               throw e;
             } catch (Exception e) {
                throw new ActiveMQAMQPInternalErrorException(e.getMessage(), e);
             }
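Review bot: The pass-through `catch (ActiveMQSecurityException e) { throw e; }` has no comment saying why it must come before the generic handler, so a later cleanup could remove it as redundant and security failures would again be wrapped in `ActiveMQAMQPInternalErrorException`. A one-line comment above the catch would document the intent, for example `// keep security failures unwrapped so ProtonHandler can report amqp:unauthorized-access`. The enclosing method starts and ends outside this hunk, so whether its `throws` clause names the exception explicitly cannot be checked from here.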
diff --git a/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/proton/handler/ProtonHandler.java
b/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/proton/handler/ProtonHandler.java
index a4b2131..00dfd00 100644
--- a/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/proton/handler/ProtonHandler.java
+++ b/artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/proton/handler/ProtonHandler.java
@@ -27,6 +27,7 @@ import java.util.concurrent.TimeUnit;
 import io.netty.buffer.ByteBuf;
 import io.netty.buffer.PooledByteBufAllocator;
 import io.netty.channel.EventLoop;
+import org.apache.activemq.artemis.api.core.ActiveMQSecurityException;
 import org.apache.activemq.artemis.protocol.amqp.proton.AMQPConnectionContext;
 import org.apache.activemq.artemis.protocol.amqp.proton.ProtonInitializable;
 import org.apache.activemq.artemis.protocol.amqp.sasl.ClientSASL;
@@ -482,6 +483,13 @@ public class ProtonHandler extends ProtonInitializable implements SaslListener
{
                }
                try {
                   Events.dispatch(ev, h);
+               } catch (ActiveMQSecurityException e) {
+                  log.warn(e.getMessage(), e);
+                  ErrorCondition error = new ErrorCondition();
+                  error.setCondition(AmqpError.UNAUTHORIZED_ACCESS);
+                  error.setDescription(e.getMessage() == null ? e.getClass().getSimpleName()
: e.getMessage());
+                  connection.setCondition(error);
+                  connection.close();
                } catch (Exception e) {
                   log.warn(e.getMessage(), e);
                   ErrorCondition error = new ErrorCondition();
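Review bot: The new catch block copies `e.getMessage()` into the AMQP error description, so whatever text the broker's security layer puts in the exception is sent to a peer that has just failed authorization. If those messages can carry internal detail (not visible from this hunk), a fixed description such as `error.setDescription("Unauthorized access");` keeps the wire response constant while the full message stays in the broker log. `log.warn(e.getMessage(), e)` also writes a full stack trace for every rejected connection, which unauthenticated clients can trigger repeatedly; `log.warn(e.getMessage());` with the trace logged at debug level would bound the log volume. The enclosing method begins and ends outside this hunk, as does the generic `catch (Exception e)` whose opening lines this block duplicates.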
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/JMSConnectionWithSecurityTest.java
b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/JMSConnectionWithSecurityTest.java
index 3bc2354..7199efc 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/JMSConnectionWithSecurityTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/JMSConnectionWithSecurityTest.java
@@ -27,8 +27,11 @@ import javax.jms.Session;
 import javax.jms.TextMessage;
 
 import org.apache.activemq.artemis.tests.integration.IntegrationTestLogger;
+import org.apache.qpid.jms.JmsConnectionFactory;
 import org.junit.Test;
 
+import java.net.URI;
+
 public class JMSConnectionWithSecurityTest extends JMSClientTestSupport {
 
    @Override
@@ -58,6 +61,25 @@ public class JMSConnectionWithSecurityTest extends JMSClientTestSupport
{
    }
 
    @Test(timeout = 10000)
+   public void testNoUserOrPasswordWithoutSaslRestrictions() throws Exception {
+      Connection connection = null;
+      JmsConnectionFactory factory = new JmsConnectionFactory(new URI("amqp://localhost:"
+ AMQP_PORT));
+      try {
+         connection = factory.createConnection();
+         connection.start();
+         fail("Expected Exception");
+      } catch (JMSSecurityException ex) {
+         IntegrationTestLogger.LOGGER.debug("Failed to authenticate connection with no user
/ password.");
+      } catch (Exception ex) {
+         fail("Expected JMSSecurityException");
+      } finally {
+         if (connection != null) {
+            connection.close();
+         }
+      }
+   }
+
+   @Test(timeout = 10000)
    public void testUnknownUser() throws Exception {
       Connection connection = null;
       try {
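Review bot: The `catch (Exception ex)` branch in `testNoUserOrPasswordWithoutSaslRestrictions` discards the exception it caught, so a regression reports only "Expected JMSSecurityException" with no hint of what the broker actually returned. Include it in the failure, e.g. `fail("Expected JMSSecurityException but got: " + ex);`, or drop the branch and let the `throws Exception` signature surface the original stack trace. The test asserts only the exception type; the broker security configuration that makes anonymous connections unauthorized is set up outside this hunk, and the following `testUnknownUser` continues past it.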

