0

When the kura published to localhost:1883 on Kapua, I got the following errors:

WARN o.e.k.b.c.p.KapuaSecurityBrokerFilter - User 1:kapua-broker (kapua-broker - tcp://10.0.2.2:56178 - conn id is not authorized to write to: topic://VirtualTopic.hahaha.kapua 1840321435420579455)-broker.DHT11Sensor.DHT11Data 13:26:43.493 [ActiveMQ NIO Worker 5] WARN o.a.a.b.TransportConnection.Service - Security Error occurred on connection to: tcp://10.0.2.2:56178, User 1:kapua-broker (kapua-broker - tcp://10.0.2.2:56178 - conn id 1840321435420579455) is not authorized to write to: topic://VirtualTopic.hahaha.kapua-broker.DHT11Sensor.DHT11Data 13:26:43.493 [ActiveMQ NIO Worker 5] WARN o.a.a.t.mqtt.MQTTProtocolConverter - Failed to send MQTT Publish: 13:26:48.495 [ActiveMQ NIO Worker 6] WARN o.e.k.b.c.p.KapuaSecurityBrokerFilter - User 1:kapua-broker (kapua-broker - tcp://10.0.2.2:56178 - conn id 1840321435420579455) is not authorized to write

Misha Brukman
  • 12,938
  • 4
  • 61
  • 78
HeiHei
  • 11
  • 3

2 Answers2

2

As I know, Kapua has a ACL access rules that define who can publis / subscribe / admin different topics/channels on broker. If you connected to Kapua with user that has broker privileges, than you could write only to topic: topic://VirtualTopic.{account-name}.{client-id} now in you case that would mean that you have account hahaha and client with id kapua-broker. Is that the case? If not set the topic accordingly. For example to something like this: topic://VirtualTopic.kapua-sys.client-1.DHT11Sensor.DHT11Data and when you connect wiht kapua-broker user specify client-1 as client id. Kapua-broker user is under kapua-sys account (that is a bit confusing as kapua-sys is als o a user). Does this help you?

Uros Mesaric
  • 311
  • 2
  • 5
0

I cannot comment @uros-mesaric question. Its answer is correct. Below there is just a clarification

In Kapua you are allowed to publish/subscribe according to your user permission.

If your user has only broker:connect permission you can publish/subscribe only on topic:

{account-name}/{connectionClientId}/{semanticTopic}

In your specific case you should publish/subscribe on topic:

kapus-sys/1840321435420579455/DHT11Sensor/DHT11Data

kapua-sys is the account name to which the user kapua-broker belongs, while 1840321435420579455 is the clientId used to create the connection.

Please note that username used to connect and account name are two different things in Kapua. An account has multiple users.

Coduz
  • 51
  • 2