qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bruno Fran├ža <bru...@digirati.com.br>
Subject Federation not working
Date Tue, 27 Sep 2011 19:07:37 GMT
Federation not working

Hi,

I'm doing some tests with Qpid 0.12 and I can't seem to get federation 
to work together with ACL. I'm trying to establish a static route from 
one broker to another, in the following way:

   $ qpid-route queue add admin/admin@localhost:10002 
admin/admin@localhost:10001 amq.fanout test-queue

On the destination side (localhost:10002) I get this error:

   Client closed connection with 320: ACL denied creating a federation link

The ACL configuration on the destination side looks like this:

   group admin admin@QPID
   acl allow-log admin all
   acl deny-log all all

Enabling tracing on the source side I can see the following logs:

2011-09-27 15:32:47 debug SASL: Starting authentication with mechanism: 
DIGEST-M
D5
2011-09-27 15:32:47 debug SASL: sending challenge to client
*2011-09-27 15:32:47 debug ACL: Lookup for id: action:create 
objectType:link name
: with params { }
2011-09-27 15:32:47 debug No successful match, defaulting to the 
decision mode d
eny-log*
2011-09-27 15:32:47 info ACL Deny id: action:create ObjectType:link Name:
2011-09-27 15:32:47 debug SEND raiseEvent (v1) 
class=org.apache.qpid.acl.deny
2011-09-27 15:32:47 debug SEND raiseEvent (v2) 
class=org.apache.qpid.acl.deny
2011-09-27 15:32:47 trace SENT [127.0.0.1:10001-10.7.5.19:59697]: 
Frame[BEbe; ch
annel=0; {ConnectionSecureBody: 
challenge=nonce="6N1LQUW+3/WG8F9GbLhyfe3BxGDNbQL
Ox+dXwCsO7eQ=",realm="QPID",qop="auth,auth-int,auth-conf",cipher="rc4-40,rc4-56,
rc4,des,3des",maxbuf=65535,charset=utf-8,algorithm=md5-sess; }]
2011-09-27 15:32:47 trace SENT [127.0.0.1:10001-10.7.5.19:59697]: 
Frame[BEbe; channel=0; {ConnectionCloseBody: reply-code=320; 
reply-text=ACL denied creating a federation link; }]

Federation only works if I open up the ACL on the source side, by doing:

   "acl allow-log all all"

Searching through the mailing list I found this thread:

http://apache-qpid-users.2158936.n2.nabble.com/Federation-and-ACLs-td2362544.html

Looks like I'm having the exact same problem. Does anybody else 
experience this issue?

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message