You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@activemq.apache.org by martin_activeMQ <ma...@bosch-si.com> on 2017/10/09 07:19:37 UTC

Re: User: null does not have permission='CREATE_DURABLE_QUEUE' on address $sys.mqtt.queue.qos2.JavaSample

Hi Justin,

I'm using the latest available version 1.5.5 and it seems that the problem
is reproducible. Any suggestion to workaround this limitation?

address=activemq.notifications,properties=TypedProperties[_AMQ_User=XXXXX,_AMQ_Address=$sys.mqtt.queue.qos2.XXXXXXXX.$sys.mqtt.queue.qos2.XXXXXXXX,_AMQ_NotifType=SECURITY_PERMISSION_VIOLATION,_AMQ_NotifTimestamp=1507531272068,_AMQ_CheckType=CONSUME]]@1606453679
is not going anywhere as it didn't have a binding on
address:activemq.notifications
09:41:12,071 DEBUG [org.apache.activemq.artemis.core.protocol.mqtt] Error
processing Control Packet, Disconnecting Client:
ActiveMQSecurityException[errorType=SECURITY_EXCEPTION message=AMQ119032:
User: XXXXXXXX does not have permission='CONSUME' on address
$sys.mqtt.queue.qos2.XXXXXXXX.$sys.mqtt.queue.qos2.XXXXXXXX]
        at
org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.check(SecurityStoreImpl.java:201)
[artemis-server-1.5.5.jar:1.5.5]
        at
org.apache.activemq.artemis.core.server.impl.ServerSessionImpl.securityCheck(ServerSessionImpl.java:401)
[artemis-server-1.5.5.jar:1.5.5]

Best regards,
Martin 



--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html

Re: User: null does not have permission='CREATE_DURABLE_QUEUE' on address $sys.mqtt.queue.qos2.JavaSample

Posted by Justin Bertram <jb...@apache.org>.

Adding security-settings was the work-around provided on the JIRA.


Justin

On Wed, Oct 11, 2017 at 1:44 PM, Clebert Suconic <cl...@gmail.com>
wrote:

> What about adding the Security Settings for that address?
>
> On Wed, Oct 11, 2017 at 2:08 PM, Justin Bertram <jb...@apache.org>
> wrote:
> > Could you provide the full stack-trace?
> >
> > Also, it's worth noting that a work-around for the issue was posted on
> the
> > aforementioned JIRA a day after it was opened back in February.
> >
> >
> > Justin
> >
> > On Mon, Oct 9, 2017 at 2:19 AM, martin_activeMQ <
> martin.ahchiev@bosch-si.com
> >> wrote:
> >
> >> Hi Justin,
> >>
> >> I'm using the latest available version 1.5.5 and it seems that the
> problem
> >> is reproducible. Any suggestion to workaround this limitation?
> >>
> >> address=activemq.notifications,properties=TypedProperties[_AMQ_User=
> >> XXXXX,_AMQ_Address=$sys.mqtt.queue.qos2.XXXXXXXX.$sys.mqtt.
> >> queue.qos2.XXXXXXXX,_AMQ_NotifType=SECURITY_PERMISSION_
> >> VIOLATION,_AMQ_NotifTimestamp=1507531272068,_AMQ_CheckType=
> >> CONSUME]]@1606453679
> >> is not going anywhere as it didn't have a binding on
> >> address:activemq.notifications
> >> 09:41:12,071 DEBUG [org.apache.activemq.artemis.core.protocol.mqtt]
> Error
> >> processing Control Packet, Disconnecting Client:
> >> ActiveMQSecurityException[errorType=SECURITY_EXCEPTION
> message=AMQ119032:
> >> User: XXXXXXXX does not have permission='CONSUME' on address
> >> $sys.mqtt.queue.qos2.XXXXXXXX.$sys.mqtt.queue.qos2.XXXXXXXX]
> >>         at
> >> org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.check(
> >> SecurityStoreImpl.java:201)
> >> [artemis-server-1.5.5.jar:1.5.5]
> >>         at
> >> org.apache.activemq.artemis.core.server.impl.ServerSessionImpl.
> >> securityCheck(ServerSessionImpl.java:401)
> >> [artemis-server-1.5.5.jar:1.5.5]
> >>
> >> Best regards,
> >> Martin
> >>
> >>
> >>
> >> --
> >> Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-
> >> f2341805.html
> >>
>
>
>
> --
> Clebert Suconic
>

Re: User: null does not have permission='CREATE_DURABLE_QUEUE' on address $sys.mqtt.queue.qos2.JavaSample

Posted by Clebert Suconic <cl...@gmail.com>.

What about adding the Security Settings for that address?

On Wed, Oct 11, 2017 at 2:08 PM, Justin Bertram <jb...@apache.org> wrote:
> Could you provide the full stack-trace?
>
> Also, it's worth noting that a work-around for the issue was posted on the
> aforementioned JIRA a day after it was opened back in February.
>
>
> Justin
>
> On Mon, Oct 9, 2017 at 2:19 AM, martin_activeMQ <martin.ahchiev@bosch-si.com
>> wrote:
>
>> Hi Justin,
>>
>> I'm using the latest available version 1.5.5 and it seems that the problem
>> is reproducible. Any suggestion to workaround this limitation?
>>
>> address=activemq.notifications,properties=TypedProperties[_AMQ_User=
>> XXXXX,_AMQ_Address=$sys.mqtt.queue.qos2.XXXXXXXX.$sys.mqtt.
>> queue.qos2.XXXXXXXX,_AMQ_NotifType=SECURITY_PERMISSION_
>> VIOLATION,_AMQ_NotifTimestamp=1507531272068,_AMQ_CheckType=
>> CONSUME]]@1606453679
>> is not going anywhere as it didn't have a binding on
>> address:activemq.notifications
>> 09:41:12,071 DEBUG [org.apache.activemq.artemis.core.protocol.mqtt] Error
>> processing Control Packet, Disconnecting Client:
>> ActiveMQSecurityException[errorType=SECURITY_EXCEPTION message=AMQ119032:
>> User: XXXXXXXX does not have permission='CONSUME' on address
>> $sys.mqtt.queue.qos2.XXXXXXXX.$sys.mqtt.queue.qos2.XXXXXXXX]
>>         at
>> org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.check(
>> SecurityStoreImpl.java:201)
>> [artemis-server-1.5.5.jar:1.5.5]
>>         at
>> org.apache.activemq.artemis.core.server.impl.ServerSessionImpl.
>> securityCheck(ServerSessionImpl.java:401)
>> [artemis-server-1.5.5.jar:1.5.5]
>>
>> Best regards,
>> Martin
>>
>>
>>
>> --
>> Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-
>> f2341805.html
>>



-- 
Clebert Suconic

Re: User: null does not have permission='CREATE_DURABLE_QUEUE' on address $sys.mqtt.queue.qos2.JavaSample

Posted by martin_activeMQ <ma...@bosch-si.com>.

As far as I know, they left left that use case and they will not support it.



--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html

Re: User: null does not have permission='CREATE_DURABLE_QUEUE' on address $sys.mqtt.queue.qos2.JavaSample

Posted by Justin Bertram <jb...@apache.org>.

I'm only interested in the part of the stack-trace that covers Artemis
code.  Assuming they haven't made significant modifications of their own to
Artemis (for whatever reason) there's really no security risk here.

Also, have they tried the work-around on the JIRA?


Justin

Re: User: null does not have permission='CREATE_DURABLE_QUEUE' on address $sys.mqtt.queue.qos2.JavaSample

Posted by martin_activeMQ <ma...@bosch-si.com>.

Hi Justin,

Sorry for the late reply, but I'm not able to provide the full stack trace.
The problem was reported by a customer and according their security policy
they are not allowed to provide me that information.

Best Regards,
Martin



--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html

Re: User: null does not have permission='CREATE_DURABLE_QUEUE' on address $sys.mqtt.queue.qos2.JavaSample

Posted by Justin Bertram <jb...@apache.org>.

Could you provide the full stack-trace?

Also, it's worth noting that a work-around for the issue was posted on the
aforementioned JIRA a day after it was opened back in February.


Justin

On Mon, Oct 9, 2017 at 2:19 AM, martin_activeMQ <martin.ahchiev@bosch-si.com
> wrote:

> Hi Justin,
>
> I'm using the latest available version 1.5.5 and it seems that the problem
> is reproducible. Any suggestion to workaround this limitation?
>
> address=activemq.notifications,properties=TypedProperties[_AMQ_User=
> XXXXX,_AMQ_Address=$sys.mqtt.queue.qos2.XXXXXXXX.$sys.mqtt.
> queue.qos2.XXXXXXXX,_AMQ_NotifType=SECURITY_PERMISSION_
> VIOLATION,_AMQ_NotifTimestamp=1507531272068,_AMQ_CheckType=
> CONSUME]]@1606453679
> is not going anywhere as it didn't have a binding on
> address:activemq.notifications
> 09:41:12,071 DEBUG [org.apache.activemq.artemis.core.protocol.mqtt] Error
> processing Control Packet, Disconnecting Client:
> ActiveMQSecurityException[errorType=SECURITY_EXCEPTION message=AMQ119032:
> User: XXXXXXXX does not have permission='CONSUME' on address
> $sys.mqtt.queue.qos2.XXXXXXXX.$sys.mqtt.queue.qos2.XXXXXXXX]
>         at
> org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.check(
> SecurityStoreImpl.java:201)
> [artemis-server-1.5.5.jar:1.5.5]
>         at
> org.apache.activemq.artemis.core.server.impl.ServerSessionImpl.
> securityCheck(ServerSessionImpl.java:401)
> [artemis-server-1.5.5.jar:1.5.5]
>
> Best regards,
> Martin
>
>
>
> --
> Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-
> f2341805.html
>