Reputation: 5381
I have a remote ActiveMQ Artemis node which has the following security settings:
<security-setting match="#">
   <permission type="createNonDurableQueue" roles="admin"/>
   <permission type="deleteNonDurableQueue" roles="admin"/>
   <permission type="createDurableQueue" roles="admin"/>
   <permission type="deleteDurableQueue" roles="admin"/>
   <permission type="createAddress" roles="admin"/>
   <permission type="deleteAddress" roles="admin"/>
   <permission type="consume" roles="admin"/>
   <permission type="browse" roles="admin"/>
   <permission type="send" roles="admin"/>
   <!-- we need this otherwise ./artemis data imp wouldn't work -->
   <permission type="manage" roles="admin"/>
</security-setting>
But when I send a message I get this error:
org.apache.activemq.artemis.api.core.ActiveMQSecurityException: AMQ229032: User: admin does not have permission='SEND' on address
What am I missing?
Upvotes: 0
Views: 1371
Reputation: 1086
You have something like this in your broker.xml:
<security-settings>
   <security-setting match="#">
      <permission type="createNonDurableQueue" roles="admin"/>
      <permission type="deleteNonDurableQueue" roles="admin"/>
      <permission type="createDurableQueue" roles="admin"/>
      <permission type="deleteDurableQueue" roles="admin"/>
      <permission type="createAddress" roles="admin"/>
      <permission type="deleteAddress" roles="admin"/>
      <permission type="consume" roles="admin"/>
      <permission type="browse" roles="admin"/>
      <permission type="send" roles="admin"/>
      <permission type="manage" roles="admin"/>
   </security-setting>
</security-settings>
When you create address::queue, such permissions will apply by default, but if in the WebUI you performed the addSecuritySettings operation and did something like this:
addressMatch: <your_address>
send: <your_custom_role>
consume: <your_custom_role>
createDurableQueueRoles:
deleteDurableQueueRoles:
createNonDurableQueueRoles:
deleteNonDurableQueueRoles:
manage:
Then your security-settings in broker.xml are overridden and they do not have any impact on your created address::queue, causing a permissions error when attempting to produce messages to your address::queue using the admin role.
Upvotes: 0
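Added example, not part of the original answer or of the Artemis code base: a sketch that resolves which single security-setting block governs an address, showing why admin loses send once a narrower match exists. The address `orders`, the role `app`, the narrower block (standing in for one added through addSecuritySettings) and the specificity ranking are assumptions; the broker's own ordering of wildcard matches is more detailed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the catch-all block from the question plus a narrower
# block standing in for one added via addSecuritySettings.
# "orders" and "app" are hypothetical address and role names.
BROKER_XML = """
<security-settings>
  <security-setting match="#">
    <permission type="send" roles="admin"/>
    <permission type="consume" roles="admin"/>
    <permission type="manage" roles="admin"/>
  </security-setting>
  <security-setting match="orders">
    <permission type="send" roles="app"/>
    <permission type="consume" roles="app"/>
  </security-setting>
</security-settings>
"""

def local(el):
    # Tag name without an XML namespace prefix such as {urn:activemq:core}.
    return el.tag.rsplit("}", 1)[-1]

def matches(pattern, address):
    # Default wildcard syntax: '.' separates words, '#' = any run of words, '*' = one word.
    if not pattern:
        return not address
    head, rest = pattern[0], pattern[1:]
    if head == "#":
        return any(matches(rest, address[i:]) for i in range(len(address) + 1))
    return bool(address) and head in ("*", address[0]) and matches(rest, address[1:])

def specificity(match):
    # Simplified ranking (assumption): exact match first, then more literal words, then fewer '#'.
    words = match.split(".")
    literal = [w for w in words if w not in ("#", "*")]
    return (len(literal) == len(words), len(literal), -words.count("#"))

def effective_setting(xml_text, address):
    # Return (match, {permission: roles}) of the single block that governs the address.
    blocks = [e for e in ET.fromstring(xml_text).iter() if local(e) == "security-setting"
              and matches(e.get("match").split("."), address.split("."))]
    if not blocks:
        return None, {}
    best = max(blocks, key=lambda e: specificity(e.get("match")))
    perms = {p.get("type"): {r.strip() for r in p.get("roles", "").split(",") if r.strip()}
             for p in best if local(p) == "permission"}
    return best.get("match"), perms

def is_allowed(xml_text, address, permission, role):
    # Permissions are taken only from the winning block; nothing is merged from '#'.
    return role in effective_setting(xml_text, address)[1].get(permission, set())
```

With the sample above, `orders` is governed only by its own block, so admin has neither send nor manage there, while any other address still falls through to `#`.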