Red Hat AMQ 7.1 - ActiveMQSecurityException throws during creation of a MessageConsumer

Question

I'm configuring an AMQ broker for my Java application. Users and roles are defined in their respective configuration properties files. These users have specific permissions depending on the address they are trying to use.

All of this is configured in the broker.xml. The broker uses 3 addresses: genericTopic, news.europe.europeTopic, news.us.usTopic. For the genericTopic address, all users have all the permissions.

Nevertheless, I'm getting this exception:

 An exception occured while executing the Java class. AMQ119213: User: bill does not have permission='CREATE_NON_DURABLE_QUEUE' for queue 576bc5ef-3373-409b-b45d-0b382107f915 on address genericTopic

The broker.xml file contains:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>

<configuration xmlns="urn:activemq" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:activemq /schema/artemis-server.xsd">

   <core xmlns="urn:activemq:core">

      <bindings-directory>./data/messaging/bindings</bindings-directory>

      <journal-directory>./data/messaging/journal</journal-directory>

      <large-messages-directory>./data/messaging/largemessages</large-messages-directory>

      <paging-directory>./data/messaging/paging</paging-directory>

      <!-- Acceptors -->
      <acceptors>
         <acceptor name="netty-acceptor">tcp://localhost:61616</acceptor>
      </acceptors>

      <!-- Other config -->

      <security-settings>
         <!-- any user can have full control of generic topics -->
         <security-setting match="#">
            <permission roles="user" type="createDurableQueue"/>
            <permission roles="user" type="deleteDurableQueue"/>
            <permission roles="user" type="createNonDurableQueue"/>
            <permission roles="user" type="deleteNonDurableQueue"/>
            <permission roles="user" type="send"/>
            <permission roles="user" type="consume"/>
         </security-setting>

         <security-setting match="news.europe.#">
            <permission roles="user" type="createDurableQueue"/>
            <permission roles="user" type="deleteDurableQueue"/>
            <permission roles="user" type="createNonDurableQueue"/>
            <permission roles="user" type="deleteNonDurableQueue"/>
            <permission roles="europe-user" type="send"/>
            <permission roles="news-user" type="consume"/>
         </security-setting>

         <security-setting match="news.us.#">
            <permission roles="user" type="createDurableQueue"/>
            <permission roles="user" type="deleteDurableQueue"/>
            <permission roles="user" type="createNonDurableQueue"/>
            <permission roles="user" type="deleteNonDurableQueue"/>
            <permission roles="us-user" type="send"/>
            <permission roles="news-user" type="consume"/>
         </security-setting>

         <security-setting match="jms.tempqueue.#">
           <permission roles="user" type="createDurableQueue"/>
           <permission roles="user" type="deleteDurableQueue"/>
           <permission roles="user" type="createNonDurableQueue"/>
           <permission roles="user" type="deleteNonDurableQueue"/>
           <permission roles="user" type="send"/>
           <permission roles="user" type="consume"/>    
        </security-setting>

      </security-settings>

      <addresses>
         <address name="genericTopic">
            <multicast/>
         </address>
         <address name="news.europe.europeTopic">
            <multicast/>
         </address>
         <address name="news.us.usTopic">
            <multicast/>
         </address>
      </addresses>
   </core>
</configuration>

artemis-users.properties

bill = ENC(1024:020FEC8DB7EBBCB987FD25F1188EA71FA13FD4E0BF504963891EDC97E1ED1285:3E53D34A96F9995612C7C585CA04BA63CF5F531C92510E882960F848BFC3982AF47FCD40AB888F9AC10648CCEBA1DD52C0F0A312B2C90225D9A46DDC50198B3C)
andrew = ENC(1024:3E09F4D16A6970F3C40E24784AFE64AFD66349174AB20B2609109646A8F0561F:F22063143058EBCF47A0ACA1C29DBCB82C4AF15E510F5C801B47928AEA1836D1480BFD0DFD0320BA567D1A32C98859C02350AE271DC530F29D7E16E910E251AD)
frank = ENC(1024:49292EEC8AA19AB5390A0F0D67AA5A3978DE1AF0F561B641A1CE90B3C9637AAD:22A8F9A4B144B9CC173F3B1D5A2B09FE57642234534C2EB3A805DB7D5F7FEA398B58EB9380B8EA69B916B5CFA23BC7573E09A87A20C0DF1A35A1134270260BE4)
sam = ENC(1024:39832F10D9734D7E6EECE16BCEAA5E2917D384B4CE482A2A4B3D3E7A550B0A5C:CCA47914C6DD64AE6B69FE977BB445CBCDEA50D458E7F42AA341FA84A11C302E2EAB072E57B41A636589C89246911A6A49424CBA4B629F4846826183E9AD9DA1)

artemis-roles.properties

user=bill,andrew,frank,sam
europe-user=andrew
news-user=frank,sam
us-user=frank

In Java, the user bill can authenticate with supplied password, I can create producers for genericTopic with user bill, but not a MessageConsumer.

This is the line of Java code that causes the exception:

MessageConsumer consumer = session.createConsumer(topic);

Here are some additonal logs in the AMQ broker:

2018-06-25 16:47:26,264 WARN  [org.apache.activemq.artemis.core.server] AMQ222107: Cleared up resources for session 590f0d6e-78c1-11e8-a8e1-e82aea578992
2018-06-25 16:48:44,412 WARN  [org.apache.activemq.artemis.core.server] AMQ222061: Client connection failed, clearing up resources for session 87928e3c-78c1-11e8-bcaa-e82aea578992

UPDATE: I solved some part of the problem. All my passwords were incorrect. Now there are no excepcionts but the message consumer blocks and waits forever for a message that exists (checked that on the web console) but for some reason It cannot receive. Also, I'm still getting the same warnings about client connection failed. More specifically, the application stops here:

TextMessage receivedMsg = (TextMessage) consumer.receive();

If you specify one of the other users such as `andrew` does it work properly? If you could update your posting with whether this affects only user `bill` or all of the users, it may be helpful. — Richard Chambers, Jun 25 '18 at 21:12
Used the same test for andrew but got the same exception. BTW I edited the question and added additonal info. — Kelper, Jun 25 '18 at 21:52
I'm sorry but I don't know enough about this to give you any suggestions much less an answer. That other users are giving the same exception indicates some kind of a setting problem. Perhaps there are additional settings that need to be specified? Good luck on this one. — Richard Chambers, Jun 25 '18 at 22:28
Thany you anyway. My passwords were all incorrect. So I re-compiled the code. Now I edited the question. There are no exceptions but the consumer never gets the message. — Kelper, Jun 25 '18 at 22:39
If the `receive()` is blocking then it would appear that there is nothing available for the client on the specified topic. I am pretty hazy with this having used RabbitMQ on Raspberry Pi with AMQP briefly while looking at several messaging protocol solutions. It seems there was a timeout parameter that could be specified. What I had was two clients communicating through a RabbitMQ server on the Pi. The two clients were each in their own XTerm running as a separate process. Are you sure you have both producer and consumers that are using the same topic? — Richard Chambers, Jun 25 '18 at 23:27
I'm sorry for wasting your time. It was a newbie error caused by incorrect passwords and I forgot to use connection.start() method. That caused the blocking consumer. Now all is working. Many thanks for your time indeed. — Kelper, Jun 25 '18 at 23:35
Lol. It happens. I'm glad that you figured it out and that you were polite enough to let everyone know. I am going to go ahead and mark this closed as a typographical error so that people will not bother with it. — Richard Chambers, Jun 25 '18 at 23:38

Red Hat AMQ 7.1 - ActiveMQSecurityException throws during creation of a MessageConsumer

0 Answers0