activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Clebert Suconic <clebert.suco...@gmail.com>
Subject Re: Artemis 2.0 Security settings
Date Mon, 15 May 2017 22:32:49 GMT
You could just remove the prefix from the security settings.


I would use Artemis 2.1 already. I'm about to send the release announce

On Mon, May 15, 2017 at 4:51 PM, abhijith <topcoderabhijith@gmail.com> wrote:
> Hi,
>
> With 1.x we had configured security settings and topic like below
>
>  <jms xmlns="urn:activemq:jms">
>
>         <queue name="DLQ"/>
>         <queue name="ExpiryQueue"/>
>         <queue name="divertQueue1"/>
>         <queue name="divertQueue2"/>
>
>
>         <topic name="exampleTopic"/>
>         <topic name="divertTopic"/>
>     </jms>
>
> <security-settings>
>             <security-setting match="jms.queue.#">
>                 <permission type="createDurableQueue" roles="admin"/>
>                 <permission type="deleteDurableQueue" roles="admin"/>
>                 <permission type="createNonDurableQueue" roles="admin"/>
>                 <permission type="deleteNonDurableQueue" roles="admin"/>
>                 <permission type="consume" roles="admin"/>
>                 <permission type="send" roles="admin"/>
>             </security-setting>
>             <security-setting match="jms.topic.#">
>                 <permission type="createDurableQueue" roles="admin"/>
>                 <permission type="deleteDurableQueue" roles="admin"/>
>                 <permission type="createNonDurableQueue" roles="admin"/>
>                 <permission type="deleteNonDurableQueue" roles="admin"/>
>                 <permission type="consume" roles="admin"/>
>                 <permission type="send" roles="admin"/>
>             </security-setting>
>         </security-settings>
>
> With move to 2.x, I ran migrate1x command.  That changed my jms declaration
> like below
> <addresses>
>             <address name="ExpiryQueue">
>                 <anycast>
>                     <queue name="ExpiryQueue"/>
>                 </anycast>
>             </address>
>             <address name="exampleTopic">
>                 <multicast/>
>             </address>
>             <address name="DLQ">
>                 <anycast>
>                     <queue name="DLQ"/>
>                 </anycast>
>             </address>
>             <address name="divertQueue2">
>                 <anycast>
>                     <queue name="divertQueue2"/>
>                 </anycast>
>             </address>
>             <address name="divertTopic">
>                 <multicast/>
>             </address>
>             <address name="divertQueue1">
>                 <anycast>
>                     <queue name="divertQueue1"/>
>                 </anycast>
>             </address>
>         </addresses>
>
> I see two issues with it.  First is security settings did not change.  If
> previous convention was to add 'jms.queue' and 'jms.topic' then I think
> migrate command can take care of it.
> To fix this I updated acceptor to add prefix
>
> <acceptor
> name="netty-acceptor">tcp://localhost:61616?anycastPrefix=jms.queue.;multicastPrefix=jms.topic.</acceptor>
>
> But still it fails giving below error message.  Notice that it is not giving
> right address name
>
> Caused by: javax.jms.JMSSecurityException: AMQ119032: User: admin does not
> have permission='CREATE_DURABLE_QUEUE' on address ykkUjHVg
>         at
> org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl.sendBlocking(ChannelImpl.java:412)
>         at
> org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl.sendBlocking(ChannelImpl.java:322)
>         at
> org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQSessionContext.createQueue(ActiveMQSessionContext.java:635)
>         at
> org.apache.activemq.artemis.core.client.impl.ClientSessionImpl.internalCreateQueue(ClientSessionImpl.java:1836)
>         at
> org.apache.activemq.artemis.core.client.impl.ClientSessionImpl.createQueue(ClientSessionImpl.java:389)
>         at
> org.apache.activemq.artemis.jms.client.ActiveMQSession.createConsumer(ActiveMQSession.java:670)
>         at
> org.apache.activemq.artemis.jms.client.ActiveMQSession.createConsumer(ActiveMQSession.java:359)
>         at
> org.apache.activemq.artemis.jms.client.ActiveMQSession.createConsumer(ActiveMQSession.java:331)
>         at
> org.apache.activemq.artemis.jms.client.ActiveMQJMSContext.createConsumer(ActiveMQJMSContext.java:371)
>         ... 29 more
> Caused by: ActiveMQSecurityException[errorType=SECURITY_EXCEPTION
> message=AMQ119032: User: admin does not have
> permission='CREATE_DURABLE_QUEUE' on address ykkUjHVg]
>         ... 38 more
>
> Please let me know if I am doing anything wrong?  Do I need to change my
> address setting manually?  If I set it to generic '#' then it works fine.
>
>
>
> --
> View this message in context: http://activemq.2283324.n4.nabble.com/Artemis-2-0-Security-settings-tp4726174.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.



-- 
Clebert Suconic

Mime
View raw message