-
Notifications
You must be signed in to change notification settings - Fork 924
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ARTEMIS-4924 Proper handling of invalid messages in SNF queues #5091
base: main
Are you sure you want to change the base?
Conversation
4124f76
to
161c9a1
Compare
I think we already have a way to prevent sending with rbac if that is the problem. |
161c9a1
to
2269bb2
Compare
@gtully @jbertram I've upated the PR. Now when a cluster connection is activated, a Role is added so that when security is enabled any client will be denied of sending messages to store and forward queues. When security is disabled, or user overrides the role in security settings, messages are sent to snf queue will be moved to DLQ when messages are to be added to snf queue. |
2269bb2
to
f79f1e8
Compare
I'm running the whole test suite now. if it's good it LGTM. @gtully let me know what you think... I will post the results for the test suite here. We should probably merge this before the release if it's all good. |
Thanks @clebertsuconic |
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/QueueImpl.java
Outdated
Show resolved
Hide resolved
.../main/java/org/apache/activemq/artemis/core/server/cluster/impl/ClusterConnectionBridge.java
Show resolved
Hide resolved
...rc/main/java/org/apache/activemq/artemis/core/server/cluster/impl/ClusterConnectionImpl.java
Outdated
Show resolved
Hide resolved
44bc79d
to
1a1f0f5
Compare
@gtully PR updated. I added a bit documentation. |
9419454
to
a611107
Compare
c1749d8
to
bdb0fd1
Compare
abba07a
to
e67f6f5
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good to me. Adding the detail property is a nice addition to help trouble shooting.
I think the commit message needs to be updated to better reflect what it is now doing. |
e67f6f5
to
222f01a
Compare
@gtully I've updated the commit messages as well as the jira title. Thanks! |
eb162b3
to
81fbdb7
Compare
9eabc41
to
719c1cd
Compare
- Send invalid messages in SNF queues to DLQ - Add documentation for store and forward queue proper usage
719c1cd
to
43e0525
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The root problem here is an invalid message at the head of the snf queue.
it is good that we can identify it as invalid and that we remove it, and moving it to a dlq makes sense. where there is an option to drop it by not configuring a dlq for the snf.
But the question of what DLQ to use. If for example the messages in a snf queue exipre, I would expect them to go to the expiryQueue of the original target, the snf queue should not have an expiryQueue of its own, otherwise it just gets in the way of processing expired messages.
Is it true that in the case of no queue routing info, we don't know what the original queue is?
For the test, where there is a send to the snfq, that seems odd, really that should just be denied with security. And in that case, the target queue is the snf, so it brings in the snf dlq back into play, which seems wrong for the same reason that a snf expiry queue is wrong!
If we can remove the direct sent to snfq scenario and can find the original message target, then I think we should send to the original target dlq in this case.
if not, maybe this is the best we can do, but is it worth the complexity compared to just rejecting or dropping the invalid message?
No description provided.