ActimeMQ runtimeConfigurationPlugin doesn't work as expected

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

ActimeMQ runtimeConfigurationPlugin doesn't work as expected

zaptos
Hello!
I've been configured ActimeMQ as MQTT broker using *jaasAuthenticationPlugin
& runtimeConfigurationPlugin* features, but unfortunately I have an issues
when I don't understand - is it a bug or feature in ActiveMQ:
1) There is a configured user *test *with password *testpass*. The ActiveMQ
is running and the client has been subscribed to the topic *test/topic*.
Everything works as expected - when I try to produce some messages for this
topic, the client is receiving it. Then I change password to another one,
for example *qwerty*. I see that the configuration has been reloaded, but
the client is still connected! If I stop the running client manually and
start it again, I'll get the error about wrong pair username\password.
2) The same situation, but I've added permissions for write\read the
specified topics only using *authorizationEntry*. I've started the MQTT
producer which successfully publishes messages to this topics, but when the
pattern of topics in the *broker.xm*l has been changed and the configuration
has been reloaded, nothing happens expect warnings *"user is not authorized
to write to the topic XXX"* in the logs, but the producer has no error and
continues publishing.

My question is how can I enforce to disconnect such clients\producers?
Because as I said after reconnected they are getting an expected error that
the credentials or permissions are wrong. Thanks!



--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
Reply | Threaded
Open this post in threaded view
|

Re: ActimeMQ runtimeConfigurationPlugin doesn't work as expected

gtully
That is as expected. There auth happens at new connection time, there is
nothing that tracks existing connections and boots them out.

On Tue, 5 Dec 2017 at 22:52 zaptos <[hidden email]> wrote:

> Hello!
> I've been configured ActimeMQ as MQTT broker using
> *jaasAuthenticationPlugin
> & runtimeConfigurationPlugin* features, but unfortunately I have an issues
> when I don't understand - is it a bug or feature in ActiveMQ:
> 1) There is a configured user *test *with password *testpass*. The ActiveMQ
> is running and the client has been subscribed to the topic *test/topic*.
> Everything works as expected - when I try to produce some messages for this
> topic, the client is receiving it. Then I change password to another one,
> for example *qwerty*. I see that the configuration has been reloaded, but
> the client is still connected! If I stop the running client manually and
> start it again, I'll get the error about wrong pair username\password.
> 2) The same situation, but I've added permissions for write\read the
> specified topics only using *authorizationEntry*. I've started the MQTT
> producer which successfully publishes messages to this topics, but when the
> pattern of topics in the *broker.xm*l has been changed and the
> configuration
> has been reloaded, nothing happens expect warnings *"user is not authorized
> to write to the topic XXX"* in the logs, but the producer has no error and
> continues publishing.
>
> My question is how can I enforce to disconnect such clients\producers?
> Because as I said after reconnected they are getting an expected error that
> the credentials or permissions are wrong. Thanks!
>
>
>
> --
> Sent from:
> http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
>
Reply | Threaded
Open this post in threaded view
|

Re: ActimeMQ runtimeConfigurationPlugin doesn't work as expected

zaptos
That's a bit strange behaviour for me, especially because ActiveMQ Artemis
disconnets such clients in the same situation..
But could you provide some tips, how can I configure my code for doing that
manually? Does some system topic exist where I can send a disconnect signal
for the specified consumer or produser?



--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
Reply | Threaded
Open this post in threaded view
|

Re: ActimeMQ runtimeConfigurationPlugin doesn't work as expected

gtully
it may be tricky, simplest may be to cycle the broker when permissions are
removed or remove/add the transportconnector such that all connections
recycle.
There are no system topics that allow modification in that way, the
advisory topics are read only.
JMX gives an alternative route to explore if the transportConnector recycle
does not suit.

On Wed, 6 Dec 2017 at 20:51 zaptos <[hidden email]> wrote:

> That's a bit strange behaviour for me, especially because ActiveMQ Artemis
> disconnets such clients in the same situation..
> But could you provide some tips, how can I configure my code for doing that
> manually? Does some system topic exist where I can send a disconnect signal
> for the specified consumer or produser?
>
>
>
> --
> Sent from:
> http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
>