13 Replies Latest reply on Apr 28, 2009 11:30 PM by timfox

    Security Configuration --- getting confused

    gaohoward

      Hi, when working on the security example, I improved the configuration a little, adding some more stuff here. But I'm confused because the configuration does not seem consistent with my results.

      In the configuration I have 4 users: bill, andrew, frank and sam, each with different roles.
      I also configured 3 topics: genericTopic, news.europe.europeTopic and news.us.usTopic.
      The security settings can be simply described in the following chart:

      Users        | user | news-user | europe-user | us-user
      -------------+------+-----------+-------------+--------
      bill         |  X   |           |             |
      andrew       |  X   |           |      X      |
      frank        |  X   |     X     |             |    X
      sam          |  X   |     X     |             |
      -------------+------+-----------+-------------+--------
      Topics       |      |           |             |
      -------------+------+-----------+-------------+--------
      genericTopic |  rw  |    rw     |     rw      |   rw
      europeTopic  |      |     r     |      w      |
      usTopic      |      |     r     |             |    w
      -------------+------+-----------+-------------+--------
      
      Note:
      
      r --- means the corresponding role can receive messages from the topic
      w --- means the corresponding role can send messages to the topic
      
      


      But when I run the example to show the result, I got several 'Security Broken' cases. The output is:

      
       [java] User bill can send message: [hello-world-4] to topic: JBossTopic[genericTopic]
       [java] User bill can receive message: [hello-world-4] from topic: JBossTopic[genericTopic]
       [java] User andrew can send message: [hello-world-4] to topic: JBossTopic[genericTopic]
       [java] User andrew can receive message: [hello-world-4] from topic: JBossTopic[genericTopic]
       [java] User frank can send message: [hello-world-4] to topic: JBossTopic[genericTopic]
       [java] User frank can receive message: [hello-world-4] from topic: JBossTopic[genericTopic]
       [java] User sam can send message: [hello-world-4] to topic: JBossTopic[genericTopic]
       [java] User sam can receive message: [hello-world-4] from topic: JBossTopic[genericTopic]
       [java] User bill cannot create consumer on topic JBossTopic[news.europe.europeTopic]
       [java] User bill cannot send message [hello-world-3] to topic: JBossTopic[news.europe.europeTopic]
       [java] User andrew can send message [hello-world-2] to topic JBossTopic[news.europe.europeTopic]
       [java] Security setting is broken! User andrew can receive message [hello-world-2] from topic JBossTopic[news.europe.europeTopic]
       [java] Security setting is broken! User frank can send message [hello-world-1] to topic JBossTopic[news.europe.europeTopic]
       [java] User frank can receive message [hello-world-1] from topic JBossTopic[news.europe.europeTopic]
       [java] Security setting is broken! User sam can send message [hello-world-1] to topic JBossTopic[news.europe.europeTopic]
       [java] User sam can receive message [hello-world-1] from topic JBossTopic[news.europe.europeTopic]
       [java] User bill cannot create consumer on topic JBossTopic[news.us.usTopic]
       [java] User bill cannot send message [hello-world-3] to topic: JBossTopic[news.us.usTopic]
       [java] User andrew cannot send message [hello-world-3] to topic: JBossTopic[news.us.usTopic]
       [java] Security setting is broken! User andrew can receive message [hello-world-3] from topic JBossTopic[news.us.usTopic]
       [java] User frank can send message: [hello-world-4] to topic: JBossTopic[news.us.usTopic]
       [java] User frank can receive message: [hello-world-4] from topic: JBossTopic[news.us.usTopic]
       [java] Security setting is broken! User sam can send message [hello-world-1] to topic JBossTopic[news.us.usTopic]
       [java] User sam can receive message [hello-world-1] from topic JBossTopic[news.us.usTopic]
       [java] Java Result: 1
      
      


      If you take one error from the above, for example:
      Security setting is broken! User andrew can receive message [hello-world-2] from topic JBossTopic[news.europe.europeTopic]
      


      You can see that user andrew can receive messages from news.europe.europeTopic, which he should not be able to according to the chart.

      What's wrong? Can anybody help? I really have no idea.

        • 1. Re: Security Configuration --- getting confused
          gaohoward

          my jbm-queues.xml

          <settings xmlns="urn:jboss:messaging"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                    xsi:schemaLocation="urn:jboss:messaging ../schemas/jbm-queues.xsd ">

             <!-- any user can have full control of generic topics -->
             <security match="jms.topic.#">
                <permission type="createDurableQueue" roles="user"/>
                <permission type="deleteDurableQueue" roles="user"/>
                <permission type="createTempQueue" roles="user"/>
                <permission type="deleteTempQueue" roles="user"/>
                <permission type="send" roles="user"/>
                <permission type="consume" roles="user"/>
             </security>

             <!-- only europe-user can create/delete any news.europe topics and publish news to them. -->
             <security match="jms.topic.news.europe.#">
                <permission type="createDurableQueue" roles="user"/>
                <permission type="deleteDurableQueue" roles="user"/>
                <permission type="createTempQueue" roles="user"/>
                <permission type="deleteTempQueue" roles="user"/>
                <permission type="send" roles="europe-user"/>
                <permission type="consume" roles="news-user"/>
             </security>

             <!-- only us-user can create/delete any news.us topics and publish news to them. -->
             <security match="jms.topic.news.us.#">
                <permission type="createDurableQueue" roles="user"/>
                <permission type="deleteDurableQueue" roles="user"/>
                <permission type="createTempQueue" roles="user"/>
                <permission type="deleteTempQueue" roles="user"/>
                <permission type="send" roles="us-user"/>
                <permission type="consume" roles="news-user"/>
             </security>

          </settings>
          


          • 2. Re: Security Configuration --- getting confused
            gaohoward

            my jbm-users.xml

            <deployment xmlns="urn:jboss:messaging" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                        xsi:schemaLocation="urn:jboss:messaging ../schemas/jbm-users.xsd ">

               <user name="bill" password="jbossmessaging">
                  <role name="user"/>
               </user>

               <user name="andrew" password="jbossmessaging1">
                  <role name="europe-user"/>
                  <role name="user"/>
               </user>

               <user name="frank" password="jbossmessaging2">
                  <role name="us-user"/>
                  <role name="news-user"/>
                  <role name="user"/>
               </user>

               <user name="sam" password="jbossmessaging3">
                  <role name="news-user"/>
                  <role name="user"/>
               </user>

            </deployment>
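A small policy-versus-output check for the two files above, added here as an example (it is not code from the thread or from JBoss Messaging). It parses trimmed copies of the posted jbm-queues.xml and jbm-users.xml, assumes the rule the chart implies (the most specific matching `<security match>` decides an address's send and consume roles; that reading is an assumption, not something the thread confirms), and reports which of the output lines quoted in the first post disagree with the configured policy.

```python
import re
import xml.etree.ElementTree as ET

NS = "{urn:jboss:messaging}"
# Trimmed copies of the jbm-queues.xml and jbm-users.xml posted in this thread.
QUEUES_XML = """<settings xmlns="urn:jboss:messaging">
<security match="jms.topic.#"><permission type="send" roles="user"/><permission type="consume" roles="user"/></security>
<security match="jms.topic.news.europe.#"><permission type="send" roles="europe-user"/><permission type="consume" roles="news-user"/></security>
<security match="jms.topic.news.us.#"><permission type="send" roles="us-user"/><permission type="consume" roles="news-user"/></security></settings>"""
USERS_XML = """<deployment xmlns="urn:jboss:messaging">
<user name="bill" password="x"><role name="user"/></user>
<user name="andrew" password="x"><role name="europe-user"/><role name="user"/></user>
<user name="frank" password="x"><role name="us-user"/><role name="news-user"/><role name="user"/></user>
<user name="sam" password="x"><role name="news-user"/><role name="user"/></user></deployment>"""
# Constructed sample: a few of the output lines quoted in the first post.
OBSERVED = [
    "[java] User bill can send message: [hello-world-4] to topic: JBossTopic[genericTopic]",
    "[java] User bill cannot create consumer on topic JBossTopic[news.europe.europeTopic]",
    "[java] User andrew can send message [hello-world-2] to topic JBossTopic[news.europe.europeTopic]",
    "[java] Security setting is broken! User andrew can receive message [hello-world-2] from topic JBossTopic[news.europe.europeTopic]",
    "[java] Security setting is broken! User frank can send message [hello-world-1] to topic JBossTopic[news.europe.europeTopic]",
    "[java] User frank can receive message: [hello-world-4] from topic: JBossTopic[news.us.usTopic]",
]
LINE = re.compile(r"User (\w+) (can|cannot) (send|receive|create consumer).*JBossTopic\[([^\]]+)\]")

def parse_users(xml):
    """user name -> set of role names."""
    return {u.get("name"): {r.get("name") for r in u.findall(NS + "role")}
            for u in ET.fromstring(xml).findall(NS + "user")}

def parse_matches(xml):
    """security match pattern -> {permission type: set of roles}."""
    return {s.get("match"): {p.get("type"): set(p.get("roles").split(",")) for p in s.findall(NS + "permission")}
            for s in ET.fromstring(xml).findall(NS + "security")}

def wildcard_regex(pattern):
    """Address words are dot-separated; '#' (the only wildcard the posted config uses) is any run of words."""
    return r"\.".join(".*" if w == "#" else re.escape(w) for w in pattern.split("."))

def allowed(users, matches, user, op, topic):
    """Assumed rule, as the chart reads it: the most specific matching <security> block decides."""
    hits = [m for m in matches if re.fullmatch(wildcard_regex(m), "jms.topic." + topic)]
    best = max(hits, key=lambda m: sum(w != "#" for w in m.split(".")))
    return bool(users[user] & matches[best].get(op, set()))

def check_output(users, matches, lines):
    """(user, op, topic, observed) for every output line that disagrees with the policy."""
    rows = [(u, "send" if op == "send" else "consume", t, v == "can")  # receive / create consumer need consume
            for u, v, op, t in (m.groups() for m in map(LINE.search, lines) if m)]
    return [r for r in rows if r[3] != allowed(users, matches, r[0], r[1], r[2])]
```

Run against the full output from the first post, `check_output` lists exactly the lines the example marked as broken; any rows it reports point at either a mismatch between the chart and the config, or a server that is not applying the rule assumed here.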
            
            



            • 3. Re: Security Configuration --- getting confused
              gaohoward

              and the jbm-jms.xml

              <deployment xmlns="urn:jboss:messaging"
                          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                          xsi:schemaLocation="urn:jboss:messaging ../schemas/jbm-jms.xsd ">
                 <!-- the connection factory used by the example -->
                 <connection-factory name="ConnectionFactory">
                    <connector-ref connector-name="netty-connector"/>
                    <entries>
                       <entry name="ConnectionFactory"/>
                       <entry name="XAConnectionFactory"/>
                       <entry name="java:/ConnectionFactory"/>
                       <entry name="java:/XAConnectionFactory"/>
                    </entries>
                 </connection-factory>

                 <topic name="genericTopic">
                    <entry name="/topic/genericTopic"/>
                 </topic>

                 <topic name="news.europe.europeTopic">
                    <entry name="/topic/europeTopic"/>
                 </topic>

                 <topic name="news.us.usTopic">
                    <entry name="/topic/usTopic"/>
                 </topic>

              </deployment>
              




              • 4. Re: Security Configuration --- getting confused
                ataylor

                can you change the order of the security matches and put '
                last.

                Also check in what you have so far and I'll take a look.

                • 5. Re: Security Configuration --- getting confused
                  gaohoward

                  Thanks Andy, I have checked in the current work.

                  • 6. Re: Security Configuration --- getting confused
                    gaohoward

                    Hi Andy,

                    When you run ant, if you don't want the server output to mess the console up, you can do this:

                    ant | grep User

                    Thanks!

                    • 7. Re: Security Configuration --- getting confused
                      timfox

                      Are you saying the security config is dependent on order in the file?

                      • 8. Re: Security Configuration --- getting confused
                        ataylor

                         

                        "timfox" wrote:
                        Are you saying the security config is dependent on order in the file?


                        no it isn't, just wanted to double check it.

                        • 9. Re: Security Configuration --- getting confused
                          gaohoward

                          I tested, changing the order has no effect on the results.

                          • 10. Re: Security Configuration --- getting confused
                            gaohoward

                            Another thing is that the exceptions are thrown from a different thread than the calling thread. To check an unauthorized consume, for example, I have to send the message and check that the message is not received. But not being able to receive a message can happen for many reasons; it's not security specific.
                            And having the exception thrown on another thread makes it harder to debug, as you cannot see any of your source code line numbers in the stack trace.

                            • 11. Re: Security Configuration --- getting confused
                              timfox

                              Set sends to be blocking on the connection factory

                              • 12. Re: Security Configuration --- getting confused
                                gaohoward

                                Thanks Tim. I changed to blocking, and the flow control seems more normal now. :)

                                Now I have commented out some of the code, and the example stops at the first apparent security violation against the configuration.
                                Now you will see that the example shows user frank can send messages to news.europe.europeTopic, which is against the security config, which says only the 'europe-user' role can send messages, but frank doesn't belong to that role.

                                • 13. Re: Security Configuration --- getting confused
                                  timfox

                                  Andy is the man when it comes to security hierarchy issues.