[Artemis] [Bug] Consume from non-durable jms topic

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Artemis] [Bug] Consume from non-durable jms topic

abhijith
Hi,

We are using Artemis 1.4.0 version and have a jms topic defined.  We have defined two specific roles for all topics, one to send and another to consume

artemis-roles.properties:
sendtopic=testtopicuser
consumetopic=testtopicuser

broker.xml:
 <topic name="exampleTopic"/>
 <security-setting match="jms.topic.#">
     <permission type="consume" roles="consumetopic"/>
     <permission type="send" roles="sendtopic"/>
 </security-setting>

When I try to send to this topic, it works fine.  But when I try to consume from this topic it fails giving below error.  If I add <permission type="createNonDurableQueue" roles="consumetopic"/> permission, it works fine.  Is this a bug in Artemis or am I missing something?  Any help is greatly appreciated.

javax.jms.JMSSecurityException: AMQ119032: User: testtopicuser does not have permission='CREATE_NON_DURABLE_QUEUE' on address jms.topic.exampleTopic

        at org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl.sendBlocking(ChannelImpl.java:409)
        at org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl.sendBlocking(ChannelImpl.java:307)
        at org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQSessionContext.createQueue(ActiveMQSessionContext.java:590)
        at org.apache.activemq.artemis.core.client.impl.ClientSessionImpl.internalCreateQueue(ClientSessionImpl.java:1620)
        at org.apache.activemq.artemis.core.client.impl.ClientSessionImpl.createTemporaryQueue(ClientSessionImpl.java:314)
        at org.apache.activemq.artemis.jms.client.ActiveMQSession.createConsumer(ActiveMQSession.java:690)
        at org.apache.activemq.artemis.jms.client.ActiveMQSession.createConsumer(ActiveMQSession.java:353)
        at org.apache.activemq.artemis.jms.client.ActiveMQSession.createConsumer(ActiveMQSession.java:325)
        at BasicSendReceiveTopicISTest.testBasicSendReceiveForStringMessage(BasicSendReceiveTopicISTest.java:59)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.testng.internal.MethodInvocationHelper.invokeMethod(MethodInvocationHelper.java:85)
        at org.testng.internal.Invoker.invokeMethod(Invoker.java:639)
        at org.testng.internal.Invoker.invokeTestMethod(Invoker.java:816)
        at org.testng.internal.Invoker.invokeTestMethods(Invoker.java:1124)
        at org.testng.internal.TestMethodWorker.invokeTestMethods(TestMethodWorker.java:125)
        at org.testng.internal.TestMethodWorker.run(TestMethodWorker.java:108)
        at org.testng.TestRunner.privateRun(TestRunner.java:774)
        at org.testng.TestRunner.run(TestRunner.java:624)
        at org.testng.SuiteRunner.runTest(SuiteRunner.java:359)
        at org.testng.SuiteRunner.runSequentially(SuiteRunner.java:354)
        at org.testng.SuiteRunner.privateRun(SuiteRunner.java:312)
        at org.testng.SuiteRunner.run(SuiteRunner.java:261)
        at org.testng.SuiteRunnerWorker.runSuite(SuiteRunnerWorker.java:52)
        at org.testng.SuiteRunnerWorker.run(SuiteRunnerWorker.java:86)
        at org.testng.TestNG.runSuitesSequentially(TestNG.java:1215)
        at org.testng.TestNG.runSuitesLocally(TestNG.java:1140)
        at org.testng.TestNG.run(TestNG.java:1048)
        at org.testng.IDEARemoteTestNG.run(IDEARemoteTestNG.java:72)
        at org.testng.RemoteTestNGStarter.main(RemoteTestNGStarter.java:127)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at com.intellij.rt.execution.application.AppMain.main(AppMain.java:147)
Caused by: ActiveMQSecurityException[errorType=SECURITY_EXCEPTION message=AMQ119032: User: testtopicuser does not have permission='CREATE_NON_DURABLE_QUEUE' on address jms.topic.exampleTopic]
        ... 37 more

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Artemis] [Bug] Consume from non-durable jms topic

jbertram
It looks to me like everything is working as it should.  For a JMS client to create a consumer on a topic means that it has to create a subscription (i.e. a non-durable queue).  If the user doesn't have permission to do this then it can't create a consumer on the topic.


Justin

----- Original Message -----
From: "abhijith" <[hidden email]>
To: [hidden email]
Sent: Wednesday, April 5, 2017 9:53:20 PM
Subject: [Artemis] [Bug] Consume from non-durable jms topic

Hi,

We are using Artemis 1.4.0 version and have a jms topic defined.  We have
defined two specific roles for all topics, one to send and another to
consume

artemis-roles.properties:
sendtopic=testtopicuser
consumetopic=testtopicuser

broker.xml:
 <topic name="exampleTopic"/>
 <security-setting match="jms.topic.#">
     <permission type="consume" roles="consumetopic"/>
     <permission type="send" roles="sendtopic"/>
 </security-setting>

When I try to send to this topic, it works fine.  But when I try to consume
from this topic it fails giving below error.  If I add <permission
type="createNonDurableQueue" roles="consumetopic"/> permission, it works
fine.  Is this a bug in Artemis or am I missing something?  Any help is
greatly appreciated.

javax.jms.JMSSecurityException: AMQ119032: User: testtopicuser does not have
permission='CREATE_NON_DURABLE_QUEUE' on address jms.topic.exampleTopic

        at
org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl.sendBlocking(ChannelImpl.java:409)
        at
org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl.sendBlocking(ChannelImpl.java:307)
        at
org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQSessionContext.createQueue(ActiveMQSessionContext.java:590)
        at
org.apache.activemq.artemis.core.client.impl.ClientSessionImpl.internalCreateQueue(ClientSessionImpl.java:1620)
        at
org.apache.activemq.artemis.core.client.impl.ClientSessionImpl.createTemporaryQueue(ClientSessionImpl.java:314)
        at
org.apache.activemq.artemis.jms.client.ActiveMQSession.createConsumer(ActiveMQSession.java:690)
        at
org.apache.activemq.artemis.jms.client.ActiveMQSession.createConsumer(ActiveMQSession.java:353)
        at
org.apache.activemq.artemis.jms.client.ActiveMQSession.createConsumer(ActiveMQSession.java:325)
        at
BasicSendReceiveTopicISTest.testBasicSendReceiveForStringMessage(BasicSendReceiveTopicISTest.java:59)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at
org.testng.internal.MethodInvocationHelper.invokeMethod(MethodInvocationHelper.java:85)
        at org.testng.internal.Invoker.invokeMethod(Invoker.java:639)
        at org.testng.internal.Invoker.invokeTestMethod(Invoker.java:816)
        at org.testng.internal.Invoker.invokeTestMethods(Invoker.java:1124)
        at
org.testng.internal.TestMethodWorker.invokeTestMethods(TestMethodWorker.java:125)
        at org.testng.internal.TestMethodWorker.run(TestMethodWorker.java:108)
        at org.testng.TestRunner.privateRun(TestRunner.java:774)
        at org.testng.TestRunner.run(TestRunner.java:624)
        at org.testng.SuiteRunner.runTest(SuiteRunner.java:359)
        at org.testng.SuiteRunner.runSequentially(SuiteRunner.java:354)
        at org.testng.SuiteRunner.privateRun(SuiteRunner.java:312)
        at org.testng.SuiteRunner.run(SuiteRunner.java:261)
        at org.testng.SuiteRunnerWorker.runSuite(SuiteRunnerWorker.java:52)
        at org.testng.SuiteRunnerWorker.run(SuiteRunnerWorker.java:86)
        at org.testng.TestNG.runSuitesSequentially(TestNG.java:1215)
        at org.testng.TestNG.runSuitesLocally(TestNG.java:1140)
        at org.testng.TestNG.run(TestNG.java:1048)
        at org.testng.IDEARemoteTestNG.run(IDEARemoteTestNG.java:72)
        at org.testng.RemoteTestNGStarter.main(RemoteTestNGStarter.java:127)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at com.intellij.rt.execution.application.AppMain.main(AppMain.java:147)
Caused by: ActiveMQSecurityException[errorType=SECURITY_EXCEPTION
message=AMQ119032: User: testtopicuser does not have
permission='CREATE_NON_DURABLE_QUEUE' on address jms.topic.exampleTopic]
        ... 37 more





--
View this message in context: http://activemq.2283324.n4.nabble.com/Artemis-Bug-Consume-from-non-durable-jms-topic-tp4724597.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Artemis] [Bug] Consume from non-durable jms topic

abhijith
Thanks for the reply and thats interesting.  Does this mean, in order to listen to a topic you would always need 2 roles?  createNonDurableQueue and consume?

Trying to understand difference with Queue.  We don't need to have createDurableQueue role to consume from a queue..right?
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Artemis] [Bug] Consume from non-durable jms topic

jbertram
> Does this mean, in order to listen to a topic you would always need 2 roles?  createNonDurableQueue and consume?

You don't need two roles.  You just need two "permissions" (i.e. createNonDurableQueue and consume).  A single role can have multiple permissions.

> We don't need to have createDurableQueue role to consume from a queue..right?

You don't if the queue has already been created (e.g. via management operation or broker.xml).  However, if you are relying on the broker to auto-create the queue for you then the user will need the "createDurableQueue" permission.


Justin

----- Original Message -----
From: "abhijith" <[hidden email]>
To: [hidden email]
Sent: Wednesday, April 5, 2017 10:30:12 PM
Subject: Re: [Artemis] [Bug] Consume from non-durable jms topic

Thanks for the reply and thats interesting.  Does this mean, in order to
listen to a topic you would always need 2 roles?  createNonDurableQueue and
consume?

Trying to understand difference with Queue.  We don't need to have
createDurableQueue role to consume from a queue..right?



--
View this message in context: http://activemq.2283324.n4.nabble.com/Artemis-Bug-Consume-from-non-durable-jms-topic-tp4724597p4724599.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Artemis] [Bug] Consume from non-durable jms topic

abhijith
Good to know.  Thanks.  Appreciate the help
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Artemis] [Bug] Consume from non-durable jms topic

clebertsuconic
I would recommend you guys moving to 1.5.latest though.. it's totally
compatible.


On Thu, Apr 6, 2017 at 3:37 PM, abhijith <[hidden email]> wrote:
> Good to know.  Thanks.  Appreciate the help
>
>
>
> --
> View this message in context: http://activemq.2283324.n4.nabble.com/Artemis-Bug-Consume-from-non-durable-jms-topic-tp4724597p4724667.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.



--
Clebert Suconic
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Artemis] [Bug] Consume from non-durable jms topic

abhijith
Looking to move to 2.0 directly.  Are there any pitfalls which we need to be aware of?  Hoping 1.4 JMS client is fully compatible with 2.0 broker.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Artemis] [Bug] Consume from non-durable jms topic

clebertsuconic
Addressing is different...

you will need to name your queues and topics with jms.queue and
jms.topic on Artemis 2.0 manually.


There's a difference on that.. I would recommend upgrading everything
to not require that.


there's also a way to specify prefixes on the acceptor. I guess
@Martyn Taylor or @Justin Bertram would know better.

On Fri, Apr 7, 2017 at 10:37 AM, abhijith <[hidden email]> wrote:
> Looking to move to 2.0 directly.  Are there any pitfalls which we need to be
> aware of?  Hoping 1.4 JMS client is fully compatible with 2.0 broker.
>
>
>
> --
> View this message in context: http://activemq.2283324.n4.nabble.com/Artemis-Bug-Consume-from-non-durable-jms-topic-tp4724597p4724745.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.



--
Clebert Suconic
Loading...