rxm

Reputation: 53

User: Bob does not have permission='CREATE_DURABLE_QUEUE' for queue bob.test/test/signal/abc on address test/signal/abc

I have configured the ActiveMQ Artemis broker.xml file so that one user (Alice) will create the address/queue in Artemis with the MQTT protocol. Alice's role is configured such that it can create addresses/queues, send, and consume.

And the other user (Bob) will only consume/send messages in that queue. Bob's role is configured such that it can only send and consume from topics.

But I am getting the exception below while doing the following:

  1. Publishing to a topic using Alice
  2. Subscribing to the same topic using Bob

Also getting the same exception when doing the following:

  1. Subscribing to a topic using Alice
  2. Subscribing to the same topic using Bob

Error processing Control Packet, Disconnecting Client: ActiveMQSecurityException[errorType=SECURITY_EXCEPTION message=AMQ229213: User: bob123 does not have permission='CREATE_DURABLE_QUEUE' for queue bob.test/test/signal/abc on address test/signal/abc]

broker.xml:

<security-settings>
   <security-setting match="test/signal/#">
      <permission roles="amq,alice-user" type="createDurableQueue"/>
      <permission roles="amq,alice-user" type="deleteDurableQueue"/>
      <permission roles="amq,alice-user" type="createAddress"/>
      <permission roles="amq,alice-user" type="deleteAddress"/>
      <permission roles="amq,alice-user,bob-user" type="send"/>
      <permission roles="amq,alice-user,bob-user" type="consume"/>
      <permission roles="amq,alice-user,bob-user" type="browse"/>
      <permission type="manage" roles="amq,alice-user,bob-user"/>
   </security-setting>
</security-settings>

<address-settings>
   <address-setting match="test/signal/#">
      <default-exclusive-queue>true</default-exclusive-queue>
      <max-size-bytes>-1</max-size-bytes>
      <page-size-bytes>10485760</page-size-bytes>
      <address-full-policy>BLOCK</address-full-policy>
      <slow-consumer-threshold>1</slow-consumer-threshold>
      <slow-consumer-policy>KILL</slow-consumer-policy>
      <slow-consumer-check-period>5</slow-consumer-check-period>
      <default-purge-on-no-consumers>true</default-purge-on-no-consumers>
      <default-max-consumers>1</default-max-consumers>
      <auto-create-addresses>true</auto-create-addresses>
      <auto-delete-addresses>true</auto-delete-addresses>
      <default-address-routing-type>ANYCAST</default-address-routing-type>
      <auto-create-queues>true</auto-create-queues>
      <auto-delete-queues>true</auto-delete-queues>
   </address-setting>
</address-settings>

Upvotes: 2

Views: 1049

Answers (1)

Justin Bertram

Reputation: 35122

In order to create a subscription on the destination the user must have permission to create a queue. The queue is the subscription on the broker. You haven't given bob123 this permission so the broker won't allow it.

Also, since you're using the MQTT syntax for destinations (which uses the / character), you need to configure the broker to use this as the delimiter character so your matches will actually work for your security-setting and address-setting, e.g.:

<wildcard-addresses>
   <delimiter>/</delimiter>
</wildcard-addresses>

Upvotes: 2
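A broker.xml fragment that applies both points of the answer, added here as an example (it is not from the question or the answer). It assumes the role names amq, alice-user and bob-user from the question, grants bob-user only the queue permissions a subscription needs rather than address creation, and adds deleteDurableQueue on the assumption that removing the subscription queue is also permission-checked:

```xml
<!-- Added example, not from the question or the answer. Assumes the role
     names amq, alice-user and bob-user from the question's broker.xml. -->
<core xmlns="urn:activemq:core">

   <!-- MQTT destinations are separated with '/'. Without this, the default
        delimiter '.' applies and a match like test/signal/# does not match
        the address test/signal/abc, so the settings below never apply. -->
   <wildcard-addresses>
      <delimiter>/</delimiter>
   </wildcard-addresses>

   <security-settings>
      <security-setting match="test/signal/#">
         <!-- Only Alice (and the admin role) may create or delete the address. -->
         <permission roles="amq,alice-user" type="createAddress"/>
         <permission roles="amq,alice-user" type="deleteAddress"/>

         <!-- An MQTT subscription is a queue on the broker (in the question:
              bob.test/test/signal/abc), so Bob needs createDurableQueue in
              order to subscribe. deleteDurableQueue is included on the
              assumption that unsubscribing or a clean-session disconnect,
              which removes that queue, is checked the same way. -->
         <permission roles="amq,alice-user,bob-user" type="createDurableQueue"/>
         <permission roles="amq,alice-user,bob-user" type="deleteDurableQueue"/>

         <permission roles="amq,alice-user,bob-user" type="send"/>
         <permission roles="amq,alice-user,bob-user" type="consume"/>
         <permission roles="amq,alice-user,bob-user" type="browse"/>

         <!-- manage is not needed for MQTT publish/subscribe; keep it to amq. -->
         <permission roles="amq" type="manage"/>
      </security-setting>
   </security-settings>
</core>
```

After the change, a subscribe by bob123 to test/signal/abc should no longer raise AMQ229213; if it still does, check that no other security-setting with a more specific match overrides this one.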
