You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "ncasaux (Jira)" <ji...@apache.org> on 2023/04/05 13:52:00 UTC

[jira] [Updated] (AMQ-9241) issue with NACK, redelivery and authorization

     [ https://issues.apache.org/jira/browse/AMQ-9241?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

ncasaux updated AMQ-9241:
-------------------------
    Description: 
Hello,

I'm facing the following issue:
 * I have a user {{myuser }}who have read access to the queue {{myqueue.}}
 * The user connects to {{ws://localhost:61614}} with a websocket client.
 * The user connects via STOMP with:

 * 
 ** CONNECT\nlogin:myuser\npasscode:myuser\naccept-version:1.2,1.1,1.0\nheart-beat:20000,20000\n\n\0

 * The user subscribes to the queue with client acknowledgment mode:
 ** {{SUBSCRIBE\nid:sub-0\ndestination:myqueue\nack:client\n\n\0}}
 * When a message arrives on the queue, the message is received by the client
 * When the client sends a NACK command, it get following error:

{{Failed to schedule redelivery for: ID:ITEM-S134480-65273-1680694344960-7:1:1:1:2}}

The server has following error:

{{java.lang.SecurityException: User myuser is not authorized to write to: queue://myqueue}}

This error does not really make sense to me, I don't understand why this authorization is required.

 

I attached a screenshot of my websocket client (dwst.io), the configuration files I add to modify to reproduce the test with a 5.17.4 vanilla Broker, and the stacktrace.

  was:
Hello,

I'm facing the following issue:
 * I have a user {{myuser }}who have read access to the queue {{myqueue.}}
 * The user connects to {{ws://localhost:61614}} with a websocket client.
 * The user connects via STOMP with:

 ** CONNECT\nlogin:myuser\npasscode:myuser\naccept-version:1.2,1.1,1.0\nheart-beat:20000,20000\n\n\0

 * The user subscribes to the queue with client acknowledgment mode:
 ** {{SUBSCRIBE\nid:sub-0\ndestination:myqueue\nack:client\n\n\0}}
 * When a message arrives on the queue, the message is received by the client
 * When the client sends a NACK command, it get following error:

{{Failed to schedule redelivery for: ID:ITEM-S134480-65273-1680694344960-7:1:1:1:2}}

The server has following error:

java.lang.SecurityException: User myuser is not authorized to write to: queue://myqueue

This error does not really make sense to me, I don't understand why this authorization is required.

 

I attached a screenshot of my websocket client (dwst.io), the configuration files I add to modify to reproduce the test with a 5.17.4 vanilla Broker, and the stacktrace.


> issue with NACK, redelivery and authorization
> ---------------------------------------------
>
>                 Key: AMQ-9241
>                 URL: https://issues.apache.org/jira/browse/AMQ-9241
>             Project: ActiveMQ
>          Issue Type: Bug
>    Affects Versions: 5.16.3, 5.17.4
>            Reporter: ncasaux
>            Priority: Major
>         Attachments: StompNACKError.png, StompNACKStackTrace.txt, activemq.xml, credentials.properties, groups.properties, users.properties
>
>
> Hello,
> I'm facing the following issue:
>  * I have a user {{myuser }}who have read access to the queue {{myqueue.}}
>  * The user connects to {{ws://localhost:61614}} with a websocket client.
>  * The user connects via STOMP with:
>  * 
>  ** CONNECT\nlogin:myuser\npasscode:myuser\naccept-version:1.2,1.1,1.0\nheart-beat:20000,20000\n\n\0
>  * The user subscribes to the queue with client acknowledgment mode:
>  ** {{SUBSCRIBE\nid:sub-0\ndestination:myqueue\nack:client\n\n\0}}
>  * When a message arrives on the queue, the message is received by the client
>  * When the client sends a NACK command, it get following error:
> {{Failed to schedule redelivery for: ID:ITEM-S134480-65273-1680694344960-7:1:1:1:2}}
> The server has following error:
> {{java.lang.SecurityException: User myuser is not authorized to write to: queue://myqueue}}
> This error does not really make sense to me, I don't understand why this authorization is required.
>  
> I attached a screenshot of my websocket client (dwst.io), the configuration files I add to modify to reproduce the test with a 5.17.4 vanilla Broker, and the stacktrace.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)