13 Replies Latest reply on Apr 28, 2009 11:30 PM by timfox

Security Configuration --- getting confused

gaohoward Apr 28, 2009 6:06 AM

Hi, when working on the security example, I improved the configuration a little, adding some more stuff here. But I'm confused that the configuration seems not consistent with my result.

In the configuration I have 4 users bill, andrew, frank and sam, each has different roles
And I also configured 3 topics: genericTopic, news.europe.europeTopic and news.us.usTopic.
The security settings can be simply described in the following chart:

Users | user | news-user | europe-user | us-user
--------------------------------------------------------------------
bill | X | | |
andrew | X | | X |
frank | X | X | | X
sam | X | X | |
--------------------------------------------------------------------
Topics | | | |
--------------------------------------------------------------------
genericTopic | rw | rw | rw | rw
europeTopic | | r | w |
usTopic | | r | | w
--------------------------------------------------------------------

Note:

r --- means the corresponding role can receive messages from the topic
w --- means the corresponding role can send messages to the topic

But when I run the example to show the result, I got several 'Security Broken' cases, The output is:


 [java] User bill can send message: [hello-world-4] to topic: JBossTopic[genericTopic]
 [java] User bill can receive message: [hello-world-4] from topic: JBossTopic[genericTopic]
 [java] User andrew can send message: [hello-world-4] to topic: JBossTopic[genericTopic]
 [java] User andrew can receive message: [hello-world-4] from topic: JBossTopic[genericTopic]
 [java] User frank can send message: [hello-world-4] to topic: JBossTopic[genericTopic]
 [java] User frank can receive message: [hello-world-4] from topic: JBossTopic[genericTopic]
 [java] User sam can send message: [hello-world-4] to topic: JBossTopic[genericTopic]
 [java] User sam can receive message: [hello-world-4] from topic: JBossTopic[genericTopic]
 [java] User bill cannot create consumer on topic JBossTopic[news.europe.europeTopic]
 [java] User bill cannot send message [hello-world-3] to topic: JBossTopic[news.europe.europeTopic]
 [java] User andrew can send message [hello-world-2] to topic JBossTopic[news.europe.europeTopic]
 [java] Security setting is broken! User andrew can receive message [hello-world-2] from topic JBossTopic[news.europe.europeTopic]
 [java] Security setting is broken! User frank can send message [hello-world-1] to topic JBossTopic[news.europe.europeTopic]
 [java] User frank can receive message [hello-world-1] from topic JBossTopic[news.europe.europeTopic]
 [java] Security setting is broken! User sam can send message [hello-world-1] to topic JBossTopic[news.europe.europeTopic]
 [java] User sam can receive message [hello-world-1] from topic JBossTopic[news.europe.europeTopic]
 [java] User bill cannot create consumer on topic JBossTopic[news.us.usTopic]
 [java] User bill cannot send message [hello-world-3] to topic: JBossTopic[news.us.usTopic]
 [java] User andrew cannot send message [hello-world-3] to topic: JBossTopic[news.us.usTopic]
 [java] Security setting is broken! User andrew can receive message [hello-world-3] from topic JBossTopic[news.us.usTopic]
 [java] User frank can send message: [hello-world-4] to topic: JBossTopic[news.us.usTopic]
 [java] User frank can receive message: [hello-world-4] from topic: JBossTopic[news.us.usTopic]
 [java] Security setting is broken! User sam can send message [hello-world-1] to topic JBossTopic[news.us.usTopic]
 [java] User sam can receive message [hello-world-1] from topic JBossTopic[news.us.usTopic]
 [java] Java Result: 1

If you take one error from the above, for example:

Security setting is broken! User andrew can receive message [hello-world-2] from topic J
BossTopic[news.europe.europeTopic]

You can see user andrew can receive message from news.europe.europeTopic, which should not according to the chart.

What's wrong? Can anybody help? I really have no idea.

1. Re: Security Configuration --- getting confused

gaohoward Apr 28, 2009 6:07 AM (in response to gaohoward)

my jbm-queues.xml

<settings xmlns="urn:jboss:messaging"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="urn:jboss:messaging ../schemas/jbm-queues.xsd ">

 <!-- any user can have full control of generic topics -->
 <security match="jms.topic.#">
 <permission type="createDurableQueue" roles="user"/>
 <permission type="deleteDurableQueue" roles="user"/>
 <permission type="createTempQueue" roles="user"/>
 <permission type="deleteTempQueue" roles="user"/>
 <permission type="send" roles="user"/>
 <permission type="consume" roles="user"/>
 </security>

 <!-- only europe-user can create/delete any news.europe topics and pulish news to it. -->
 <security match="jms.topic.news.europe.#">
 <permission type="createDurableQueue" roles="user"/>
 <permission type="deleteDurableQueue" roles="user"/>
 <permission type="createTempQueue" roles="user"/>
 <permission type="deleteTempQueue" roles="user"/>
 <permission type="send" roles="europe-user"/>
 <permission type="consume" roles="news-user"/>
 </security>

 <!-- only us-user can create/delete any news.europe topics and pulish news to it. -->
 <security match="jms.topic.news.us.#">
 <permission type="createDurableQueue" roles="user"/>
 <permission type="deleteDurableQueue" roles="user"/>
 <permission type="createTempQueue" roles="user"/>
 <permission type="deleteTempQueue" roles="user"/>
 <permission type="send" roles="us-user"/>
 <permission type="consume" roles="news-user"/>
 </security>

</settings>

2. Re: Security Configuration --- getting confused

gaohoward Apr 28, 2009 6:08 AM (in response to gaohoward)

my jbm-users.xml

<deployment xmlns="urn:jboss:messaging" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="urn:jboss:messaging ../schemas/jbm-users.xsd ">

 <user name="bill" password="jbossmessaging">
 <role name="user"/>
 </user>

 <user name="andrew" password="jbossmessaging1">
 <role name="europe-user"/>
 <role name="user"/>
 </user>

 <user name="frank" password="jbossmessaging2">
 <role name="us-user"/>
 <role name="news-user"/>
 <role name="user"/>
 </user>

 <user name="sam" password="jbossmessaging3">
 <role name="news-user"/>
 <role name="user"/>
 </user>

</deployment>

3. Re: Security Configuration --- getting confused

gaohoward Apr 28, 2009 6:09 AM (in response to gaohoward)

and the jbm-jms.xml

<deployment xmlns="urn:jboss:messaging"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="urn:jboss:messaging ../schemas/jbm-jms.xsd ">
 <!--the connection factory used by the example-->
 <connection-factory name="ConnectionFactory">
 <connector-ref connector-name="netty-connector"/>
 <entries>
 <entry name="ConnectionFactory"/>
 <entry name="XAConnectionFactory"/>
 <entry name="java:/ConnectionFactory"/>
 <entry name="java:/XAConnectionFactory"/>
 </entries>
 </connection-factory>

 <topic name="genericTopic">
 <entry name="/topic/genericTopic"/>
 </topic>

 <topic name="news.europe.europeTopic">
 <entry name="/topic/europeTopic"/>
 </topic>

 <topic name="news.us.usTopic">
 <entry name="/topic/usTopic"/>
 </topic>

</deployment>

4. Re: Security Configuration --- getting confused

ataylor Apr 28, 2009 6:22 AM (in response to gaohoward)

can you change the order of the security matches and put '
last.

Also check in what you have so far and I'll take a look.
Actions
5. Re: Security Configuration --- getting confused

gaohoward Apr 28, 2009 6:36 AM (in response to gaohoward)

Thanks Andy, I have checked in the current work.
Actions
6. Re: Security Configuration --- getting confused

gaohoward Apr 28, 2009 6:42 AM (in response to gaohoward)

Hi Andy,

When you run ant, if you don't want the server output to mess the console up, you can do this:

ant | grep User

Thanks!
Actions
7. Re: Security Configuration --- getting confused

timfox Apr 28, 2009 6:54 AM (in response to gaohoward)

Are you saying the security config is dependent on order in the file?
Actions
8. Re: Security Configuration --- getting confused

ataylor Apr 28, 2009 6:57 AM (in response to gaohoward)

"timfox" wrote:
Are you saying the security config is dependent on order in the file?

no it isn't, just wanted to double check it.
Actions
9. Re: Security Configuration --- getting confused

gaohoward Apr 28, 2009 7:18 AM (in response to gaohoward)

I tested, changing the order has no effect on the results.
Actions
10. Re: Security Configuration --- getting confused

gaohoward Apr 28, 2009 8:10 AM (in response to gaohoward)

Another thing is that the exceptions are thrown from a different thread than the calling thread. To check an unauthorized consume, for example, I have to send the message and check if the message is not received. But not being able to receive a message can happen with many reasons, it's not security specific.
And having the exception thrown on other thread make it harder to debug, as you cannot see from the stack trace any of your source code line numbers.
Actions
11. Re: Security Configuration --- getting confused

timfox Apr 28, 2009 8:14 AM (in response to gaohoward)

Set sends to be blocking on the connection factory
Actions
12. Re: Security Configuration --- getting confused

gaohoward Apr 28, 2009 11:27 PM (in response to gaohoward)

Thanks Tim. I change to blocking, the flow control seems a bit normal now. :)

Now I comment out some of the code, the example now stops at the first seemingly security violation against the configuration.
Now you will see the example shows that user frank can send messages to new.europe.europeTopic, which is against the security config, which says only 'europe-user' role can send messages, but frank doesn't belong to the role.
Actions
13. Re: Security Configuration --- getting confused

timfox Apr 28, 2009 11:30 PM (in response to gaohoward)

Andy is the man when it comes to security hierarchy issues.
Actions

Go to original post