You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "ncasaux (Jira)" <ji...@apache.org> on 2023/04/05 13:52:00 UTC
[jira] [Updated] (AMQ-9241) issue with NACK, redelivery and authorization
[ https://issues.apache.org/jira/browse/AMQ-9241?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
ncasaux updated AMQ-9241:
-------------------------
Description:
Hello,
I'm facing the following issue:
* I have a user {{myuser }}who have read access to the queue {{myqueue.}}
* The user connects to {{ws://localhost:61614}} with a websocket client.
* The user connects via STOMP with:
*
** CONNECT\nlogin:myuser\npasscode:myuser\naccept-version:1.2,1.1,1.0\nheart-beat:20000,20000\n\n\0
* The user subscribes to the queue with client acknowledgment mode:
** {{SUBSCRIBE\nid:sub-0\ndestination:myqueue\nack:client\n\n\0}}
* When a message arrives on the queue, the message is received by the client
* When the client sends a NACK command, it get following error:
{{Failed to schedule redelivery for: ID:ITEM-S134480-65273-1680694344960-7:1:1:1:2}}
The server has following error:
{{java.lang.SecurityException: User myuser is not authorized to write to: queue://myqueue}}
This error does not really make sense to me, I don't understand why this authorization is required.
I attached a screenshot of my websocket client (dwst.io), the configuration files I add to modify to reproduce the test with a 5.17.4 vanilla Broker, and the stacktrace.
was:
Hello,
I'm facing the following issue:
* I have a user {{myuser }}who have read access to the queue {{myqueue.}}
* The user connects to {{ws://localhost:61614}} with a websocket client.
* The user connects via STOMP with:
** CONNECT\nlogin:myuser\npasscode:myuser\naccept-version:1.2,1.1,1.0\nheart-beat:20000,20000\n\n\0
* The user subscribes to the queue with client acknowledgment mode:
** {{SUBSCRIBE\nid:sub-0\ndestination:myqueue\nack:client\n\n\0}}
* When a message arrives on the queue, the message is received by the client
* When the client sends a NACK command, it get following error:
{{Failed to schedule redelivery for: ID:ITEM-S134480-65273-1680694344960-7:1:1:1:2}}
The server has following error:
java.lang.SecurityException: User myuser is not authorized to write to: queue://myqueue
This error does not really make sense to me, I don't understand why this authorization is required.
I attached a screenshot of my websocket client (dwst.io), the configuration files I add to modify to reproduce the test with a 5.17.4 vanilla Broker, and the stacktrace.
> issue with NACK, redelivery and authorization
> ---------------------------------------------
>
> Key: AMQ-9241
> URL: https://issues.apache.org/jira/browse/AMQ-9241
> Project: ActiveMQ
> Issue Type: Bug
> Affects Versions: 5.16.3, 5.17.4
> Reporter: ncasaux
> Priority: Major
> Attachments: StompNACKError.png, StompNACKStackTrace.txt, activemq.xml, credentials.properties, groups.properties, users.properties
>
>
> Hello,
> I'm facing the following issue:
> * I have a user {{myuser }}who have read access to the queue {{myqueue.}}
> * The user connects to {{ws://localhost:61614}} with a websocket client.
> * The user connects via STOMP with:
> *
> ** CONNECT\nlogin:myuser\npasscode:myuser\naccept-version:1.2,1.1,1.0\nheart-beat:20000,20000\n\n\0
> * The user subscribes to the queue with client acknowledgment mode:
> ** {{SUBSCRIBE\nid:sub-0\ndestination:myqueue\nack:client\n\n\0}}
> * When a message arrives on the queue, the message is received by the client
> * When the client sends a NACK command, it get following error:
> {{Failed to schedule redelivery for: ID:ITEM-S134480-65273-1680694344960-7:1:1:1:2}}
> The server has following error:
> {{java.lang.SecurityException: User myuser is not authorized to write to: queue://myqueue}}
> This error does not really make sense to me, I don't understand why this authorization is required.
>
> I attached a screenshot of my websocket client (dwst.io), the configuration files I add to modify to reproduce the test with a 5.17.4 vanilla Broker, and the stacktrace.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)