4 Replies Latest reply on Apr 24, 2013 5:09 PM by Andy Taylor

    Security Problem with CoreBridge

    m f Newbie

      Hi all,

       

      I difined a corebridge between two servers (source and target servers - i'm using hornetq-2.3.0.CR2)

      In the target server, only admin role can send message.

      My question is, why my bridge from the source server, can send message to the target server, freely?

       

      Thanks in advance.

        • 1. Re: Security Problem with CoreBridge
          Yong Hao Gao Master

          Can you provide some more details? like your configuration and how messages are sent and bridged?

           

          Howard

          • 2. Re: Security Problem with CoreBridge
            m f Newbie

            Scenario:

            1. Client with user:admin, password:admin (This user has admin role), sends message to jms.queue.source
            2. Bridge messages, between the source queue (In the source server) and target queue (In the target server) ---> This should not work!!!

             

            In the source server, Only admin role can send messages to its queues. (I defined user:admin, password: admin, with admin role in the source server).

            In the target server, Only admin2 role can send messages to its queues. (I defined user:admin2, password: admin2, with admin2 role in the target server).

            But the bridge, without any user or password, is able to send messages from the source server to the target server. Why??


            My Configs (I attached them too):

             

            The source Server:

             

                 security settings:

             


            <security-settings>


            <security-setting match="#">



            <permission type="createDurableQueue" roles="admin" />



            <permission type="deleteDurableQueue" roles="admin" />



            <permission type="createNonDurableQueue" roles="admin" />



            <permission type="deleteNonDurableQueue" roles="admin" />



            <permission type="consume" roles="admin" />



            <permission type="send" roles="admin" />


            </security-setting>

            </security-settings>

             

             

             

                 bridge definiation:

             

            <bridges>


            <bridge name="bridge-to-target-server">



            <queue-name>jms.queue.source</queue-name>



            <forwarding-address>jms.queue.target</forwarding-address>



            <ha>false</ha>



            <retry-interval>2000</retry-interval>



            <reconnect-attempts>-1</reconnect-attempts>



            <failover-on-server-shutdown>false</failover-on-server-shutdown>



            <use-duplicate-detection>true</use-duplicate-detection>


            <static-connectors>



            <connector-ref>remote-connector</connector-ref>


            </static-connectors>


            </bridge>

            </bridges>

             

                 users:

             

            <defaultuser name="guest" password="guest">


            <role name="guest" />
            </defaultuser>
            <user name="admin" password="admin">


            <role name="admin"/>
            </user>

             

            The target server:


                 security settings:

             


            <security-settings>


            <security-setting match="#">



            <permission type="createDurableQueue" roles="admin2" />



            <permission type="deleteDurableQueue" roles="admin2" />



            <permission type="createNonDurableQueue" roles="admin2" />



            <permission type="deleteNonDurableQueue" roles="admin2" />



            <permission type="consume" roles="admin2" />



            <permission type="send" roles="admin2" />


            </security-setting>

            </security-settings>

             

                 users:

             

            <defaultuser name="guest" password="guest">


            <role name="guest" />
            </defaultuser>


            <user name="admin2" password="admin2">


            <role name="admin2" />
            </user>
            • 3. Re: Security Problem with CoreBridge
              m f Newbie

              I think it's a bug!!

              • 4. Re: Security Problem with CoreBridge
                Andy Taylor Master

                if you can provide a test or an example we can look into it.