Posted to issues@activemq.apache.org by "Martyn Taylor (JIRA)" <ji...@apache.org> on 2017/03/10 13:17:04 UTC

[jira] [Resolved] (ARTEMIS-990) AMQ119032: User: Customer does not have permission='CREATE_DURABLE_QUEUE' on address $sys.mqtt.queue.qos2

     [ https://issues.apache.org/jira/browse/ARTEMIS-990?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Martyn Taylor resolved ARTEMIS-990.
-----------------------------------
    Resolution: Fixed

> AMQ119032: User: Customer does not have permission='CREATE_DURABLE_QUEUE' on address $sys.mqtt.queue.qos2
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: ARTEMIS-990
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-990
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>          Components: MQTT
>    Affects Versions: 1.5.3
>         Environment: RHEL 7
>            Reporter: Himer MARTINEZ
>            Assignee: Martyn Taylor
>             Fix For: 1.5.5, 2.0.0
>
>
> Hello Guys,
> We are experiencing the following issue with MQTT:
> *AMQ119032: User: Customer does not have permission='CREATE_DURABLE_QUEUE' on address $sys.mqtt.queue.qos2.0a971d7ad7de58aea7c0*
> {code:title=MQTTBasicPubSubExample.java|borderStyle=solid}
> package com.mycompany.mqtt;
> import java.security.SecureRandom;
> import java.security.cert.CertificateException;
> import java.security.cert.X509Certificate;
> import java.util.concurrent.TimeUnit;
> import javax.net.ssl.KeyManager;
> import javax.net.ssl.SSLContext;
> import javax.net.ssl.TrustManager;
> import javax.net.ssl.X509TrustManager;
> import org.fusesource.hawtbuf.UTF8Buffer;
> import org.fusesource.mqtt.client.BlockingConnection;
> import org.fusesource.mqtt.client.MQTT;
> import org.fusesource.mqtt.client.Message;
> import org.fusesource.mqtt.client.QoS;
> import org.fusesource.mqtt.client.Topic;
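> /**
>  * A simple MQTT publish and subscribe example, posted as the reproducer for AMQ119032.
>  *
>  * <p>The client connects as user "Customer", subscribes to {@code digital/test/data}, publishes one
>  * message to the same topic and waits up to five seconds to receive it back.
>  *
>  * <p>The user name and password are written inline only so that the report is self-contained. Code
>  * that is not a throwaway reproducer should read them from configuration or a secret store.
>  */
> public class MQTTBasicPubSubExample {
>    /**
>     * Runs the connect / subscribe / publish / receive sequence once.
>     *
>     * @param args unused
>     * @throws Exception if connecting, subscribing, publishing or receiving fails
>     */
>    public static void main(final String[] args) throws Exception {
>       final String topicName = "digital/test/data";
>
>       // Create a new MQTT connection to the broker.  We are not setting the client ID.  The broker will pick one for us.
>       System.out.println("Connecting to Artemis using MQTT");
>       MQTT mqtt = new MQTT();
>       mqtt.setConnectAttemptsMax(2);
>       mqtt.setReconnectAttemptsMax(1);
>
>       // Reproducer credentials; the broker log in this report shows the permission check failing for this user.
>       mqtt.setUserName("Customer");
>       mqtt.setPassword("customerpwd");
>
>       // ssl:// asks the client for TLS. No SSLContext is set on this MQTT object and the javax.net.ssl
>       // imports at the top of the listing are unused, so certificate validation is whatever the client
>       // library applies by default (presumably the JVM default trust store; confirm before relying on it).
>       mqtt.setHost("ssl://localhost:1883");
>       BlockingConnection connection = mqtt.blockingConnection();
>       connection.connect();
>       System.out.println("Connected to Artemis");
>
>       // Subscribe to topics
>       Topic[] topics = {new Topic(topicName, QoS.AT_LEAST_ONCE)};
>       System.out.println("start subscribe");
>       connection.subscribe(topics);
>       System.out.println("end subscribe");
>       System.out.println("Subscribed to topics.");
>
>       // Publish Messages. The charset is explicit so the bytes do not depend on the platform default.
>       String payload4 = "This is message 4";
>       System.out.println("start publish");
>       connection.publish(topicName, payload4.getBytes(java.nio.charset.StandardCharsets.UTF_8), QoS.AT_MOST_ONCE, false);
>       System.out.println("end publish");
>       System.out.println("Sent messages.");
>
>       // receive(timeout) yields null when nothing arrives in time; dereferencing it would replace the
>       // real outcome with a NullPointerException.
>       Message message4 = connection.receive(5, TimeUnit.SECONDS);
>       if (message4 == null) {
>          System.out.println("No message received within 5 seconds.");
>       } else {
>          System.out.println("Received messages.");
>          System.out.println(new String(message4.getPayload(), java.nio.charset.StandardCharsets.UTF_8));
>          message4.ack();
>       }
>       connection.disconnect();
>    }
> }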
> {code}
> {code:title=broker.xml|borderStyle=solid}
> <?xml version='1.0'?>
> <!--
> Licensed to the Apache Software Foundation (ASF) under one
> or more contributor license agreements.  See the NOTICE file
> distributed with this work for additional information
> regarding copyright ownership.  The ASF licenses this file
> to you under the Apache License, Version 2.0 (the
> "License"); you may not use this file except in compliance
> with the License.  You may obtain a copy of the License at
>   http://www.apache.org/licenses/LICENSE-2.0
> Unless required by applicable law or agreed to in writing,
> software distributed under the License is distributed on an
> "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
> KIND, either express or implied.  See the License for the
> specific language governing permissions and limitations
> under the License.
> -->
> <configuration xmlns="urn:activemq"
>                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>                xsi:schemaLocation="urn:activemq /schema/artemis-configuration.xsd">
>    <jms xmlns="urn:activemq:jms">
>       <queue name="DLQ"/>
>       <queue name="ExpiryQueue"/>
>    </jms>
>    <core xmlns="urn:activemq:core">
>       <name>localhost</name>
>       <persistence-enabled>true</persistence-enabled>
>       <!-- this could be ASYNCIO or NIO
>        -->
>       <journal-type>ASYNCIO</journal-type>
>       <paging-directory>/artemis/datas/paging</paging-directory>
>       <bindings-directory>/artemis/datas/bindings</bindings-directory>
>       <journal-directory>/artemis/datas/journal</journal-directory>
>       <large-messages-directory>/artemis/datas/large-messages</large-messages-directory>
>       <journal-datasync>true</journal-datasync>
>       <journal-min-files>2</journal-min-files>
>       <journal-pool-files>-1</journal-pool-files>
>       <!--
>         You can specify the NIC you want to use to verify if the network
>          <network-check-NIC>theNickName</network-check-NIC>
>         -->
>       <!--
>         Use this to use an HTTP server to validate the network
>          <network-check-URL-list>http://www.apache.org</network-check-URL-list> -->
>       <!-- <network-check-period>10000</network-check-period> -->
>       <!-- <network-check-timeout>1000</network-check-timeout> -->
>       <!-- this is a comma separated list, no spaces, just DNS or IPs
>            it should accept IPV6
>            Warning: Make sure you understand your network topology as this is meant to validate if your network is valid.
>                     Using IPs that could eventually disappear or be partially visible may defeat the purpose.
>                     You can use a list of multiple IPs, and if any successful ping will make the server OK to continue running -->
>       <!-- <network-check-list>10.0.0.1</network-check-list> -->
>       <!-- use this to customize the ping used for ipv4 addresses -->
>       <!-- <network-check-ping-command>ping -c 1 -t %d %s</network-check-ping-command> -->
>       <!-- use this to customize the ping used for ipv6 addresses -->
>       <!-- <network-check-ping6-command>ping6 -c 1 %2$s</network-check-ping6-command> -->
>       <!--
>        This value was determined through a calculation.
>        Your system could perform 1 writes per millisecond
>        on the current journal configuration.
>        That translates as a sync write every 1004000 nanoseconds
>       -->
>       <journal-buffer-timeout>1004000</journal-buffer-timeout>
>     <connectors>
>         <!-- Connector used to be announced through cluster connections and notifications -->
>         <connector name="artemis">tcp://localhost:61616</connector>
>     </connectors>
>     <ha-policy>
>       <shared-store>
>         <master>
>            <failover-on-shutdown>true</failover-on-shutdown>
>         </master>
>       </shared-store>
>     </ha-policy>
>       <!-- how often we are looking for how many bytes are being used on the disk in ms -->
>       <disk-scan-period>5000</disk-scan-period>
>       <!-- once the disk hits this limit the system will block, or close the connection in certain protocols
>            that won't support flow control. -->
>       <max-disk-usage>90</max-disk-usage>
>       <!-- the system will enter into page mode once you hit this limit.
>            This is an estimate in bytes of how much the messages are using in memory -->
>       <global-max-size>104857600</global-max-size>
>       <acceptors>
>          <!-- Acceptor for every supported protocol -->
>          <!-- NOTE(review): this acceptor also lists MQTT and sets no sslEnabled, so MQTT clients that
>               can reach port 61616 are not required to use the TLS acceptor on 1883. It is bound to
>               localhost in this extract. -->
>          <acceptor name="artemis">tcp://localhost:61616?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE</acceptor>
>          <!-- AMQP Acceptor.  Listens on default AMQP port for AMQP traffic.-->
>          <acceptor name="amqp">tcp://localhost:5672?protocols=AMQP</acceptor>
>          <!-- STOMP Acceptor. -->
>          <acceptor name="stomp">tcp://localhost:61613?protocols=STOMP</acceptor>
>          <!-- HornetQ Compatibility Acceptor.  Enables HornetQ Core and STOMP for legacy HornetQ clients. -->
>          <acceptor name="hornetq">tcp://localhost:5445?protocols=HORNETQ,STOMP</acceptor>
>          <!-- MQTT Acceptor -->
>          <!-- NOTE(review): TLS is enabled on this acceptor and the keystore password is written in clear
>               text in the URL, so anyone who can read broker.xml, or this report, can read it. Restrict
>               read access to the file, change the password after posting it publicly, and check whether
>               the password masking of your Artemis version covers acceptor parameters. -->
> 		 <acceptor name="mqtt">tcp://localhost:1883?protocols=MQTT;sslEnabled=true;keyStorePath=/artemis/brokers/certificats/keystore.jks;keyStorePassword=artemispwd</acceptor>
>       </acceptors>
>       <!-- NOTE(review): the cluster user and password below are identical and easy to guess. Cluster
>            discovery is configured over UDP multicast further down, so use a strong password that is
>            distinct from the user name. -->
>       <cluster-user>AdminCluster</cluster-user>
>       <cluster-password>AdminCluster</cluster-password>
>       <broadcast-groups>
>          <broadcast-group name="bg-group1">
>             <group-address>231.7.7.7</group-address>
>             <group-port>9876</group-port>
>             <broadcast-period>5000</broadcast-period>
>             <connector-ref>artemis</connector-ref>
>          </broadcast-group>
>       </broadcast-groups>
>       <discovery-groups>
>          <discovery-group name="dg-group1">
>             <group-address>231.7.7.7</group-address>
>             <group-port>9876</group-port>
>             <refresh-timeout>10000</refresh-timeout>
>          </discovery-group>
>       </discovery-groups>
>       <cluster-connections>
>          <cluster-connection name="my-cluster">
>             <address>jms</address>
>             <connector-ref>artemis</connector-ref>
>             <message-load-balancing>ON_DEMAND</message-load-balancing>
>             <max-hops>0</max-hops>
>             <discovery-group-ref discovery-group-name="dg-group1"/>
>          </cluster-connection>
>       </cluster-connections>
>       <security-enabled>true</security-enabled>
>       <security-settings>
>          <!-- NOTE(review): the address denied in the broker log, $sys.mqtt.queue.qos2.*, is matched only
>               by this catch-all "#" setting, which grants createDurableQueue to role Digital alone. The
>               roles held by user Customer are not shown in this report; presumably Customer is not in
>               Digital, which is consistent with the CREATE_DURABLE_QUEUE violation. -->
>          <security-setting match="#">
>             <permission type="createNonDurableQueue" roles="Digital"/>
>             <permission type="deleteNonDurableQueue" roles="Digital"/>
>             <permission type="createDurableQueue" roles="Digital"/>
>             <permission type="deleteDurableQueue" roles="Digital"/>
>             <permission type="consume" roles="Digital"/>
>             <permission type="browse" roles="Digital"/>
>             <!-- NOTE(review): as pasted, the next line and the closing tag of this security-setting each
>                  end with a leftover comment terminator, so this extract is not well-formed XML.
>                  Presumably an artefact of removing comment markers before posting; confirm against the
>                  file the broker actually loads. -->
>             <permission type="send" roles="Digital"/-->
>             <!-- we need this otherwise ./artemis data imp wouldn't work -->
>             <permission type="manage" roles="Digital"/>
>          </security-setting-->
>          <!-- NOTE(review): for digital.test.# only "send" is active, for role Client; consume, browse and
>               queue creation are all commented out. As far as this extract shows, a user holding only
>               Client has no consume or queue permissions on these addresses. -->
> 	 <security-setting match="digital.test.#">
>             <!-- permission type="createNonDurableQueue" roles="Commerce"/-->
>             <!--permission type="deleteNonDurableQueue" roles="digital,Commerce"/-->
>             <!--permission type="createDurableQueue" roles="Commerce"/-->
>             <!--permission type="deleteDurableQueue" roles="digital,Commerce"/-->
> 			<!-- permission type="consume" roles="Commerce"/-->
>             <!-- permission type="browse" roles="Commerce"/-->
>             <permission type="send" roles="Client"/>
>             <!-- permission type="manage" roles="Commerce" /-->
>          </security-setting>
>       </security-settings>
> <queues>
>    <queue name="digital.test.data">
>       <durable>true</durable>
>     </queue>
> </queues>
>       <address-settings>
>          <!--default for catch all-->
>          <address-setting match="#">
>             <dead-letter-address>jms.queue.DLQ</dead-letter-address>
>             <expiry-address>jms.queue.ExpiryQueue</expiry-address>
>             <redelivery-delay>0</redelivery-delay>
>             <!-- with -1 only the global-max-size is in use for limiting -->
>             <max-size-bytes>-1</max-size-bytes>
>             <message-counter-history-day-limit>1</message-counter-history-day-limit>
>             <address-full-policy>PAGE</address-full-policy>
>             <expiry-delay>10</expiry-delay>
>          </address-setting>
>       </address-settings>
>    </core>
> </configuration>
> {code}
> {code:title=Issue on client side|borderStyle=solid}
> Exception in thread "main" java.io.EOFException: Peer disconnected
> 	at org.fusesource.hawtdispatch.transport.AbstractProtocolCodec.read(AbstractProtocolCodec.java:331)
> 	at org.fusesource.hawtdispatch.transport.TcpTransport.drainInbound(TcpTransport.java:710)
> 	at org.fusesource.hawtdispatch.transport.TcpTransport$6.run(TcpTransport.java:592)
> 	at org.fusesource.hawtdispatch.internal.NioDispatchSource$3.run(NioDispatchSource.java:209)
> 	at org.fusesource.hawtdispatch.internal.SerialDispatchQueue.run(SerialDispatchQueue.java:100)
> 	at org.fusesource.hawtdispatch.internal.pool.SimpleThread.run(SimpleThread.java:77)
> {code}
> {code:title=artemis log file extract|borderStyle=solid}
> 10:13:37,116 DEBUG [org.apache.activemq.artemis.core.postoffice.impl.PostOfficeImpl] Couldn't find any bindings for address=activemq.notifications on message=ServerMessage[messageID=234572,durable=true,userID=null,priority=0, bodySize=512, timestamp=0,expiration=Thu Feb 23 10:13:37 CET 2017, durable=true, address=activemq.notifications,properties=TypedProperties[_AMQ_User=Customer,_AMQ_Address=$sys.mqtt.queue.qos2.0a971d7ad7de58aea7c0,_AMQ_NotifType=SECURITY_PERMISSION_VIOLATION,_AMQ_NotifTimestamp=1487841217116,_AMQ_CheckType=CREATE_DURABLE_QUEUE]]@1241929264
> 10:13:37,116 DEBUG [org.apache.activemq.artemis.core.postoffice.impl.PostOfficeImpl] Message ServerMessage[messageID=234572,durable=true,userID=null,priority=0, bodySize=512, timestamp=0,expiration=Thu Feb 23 10:13:37 CET 2017, durable=true, address=activemq.notifications,properties=TypedProperties[_AMQ_User=Customer,_AMQ_Address=$sys.mqtt.queue.qos2.0a971d7ad7de58aea7c0,_AMQ_NotifType=SECURITY_PERMISSION_VIOLATION,_AMQ_NotifTimestamp=1487841217116,_AMQ_CheckType=CREATE_DURABLE_QUEUE]]@1241929264 is not going anywhere as it didn't have a binding on address:activemq.notifications
> 10:13:37,116 DEBUG [org.apache.activemq.artemis.core.protocol.mqtt] Error processing Control Packet, Disconnecting Client: ActiveMQSecurityException[errorType=SECURITY_EXCEPTION message=AMQ119032: User: Customer does not have permission='CREATE_DURABLE_QUEUE' on address $sys.mqtt.queue.qos2.0a971d7ad7de58aea7c0]
>         at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.check(SecurityStoreImpl.java:201) [artemis-server-1.5.2.jar:1.5.2]
>         at org.apache.activemq.artemis.core.server.impl.ServerSessionImpl.securityCheck(ServerSessionImpl.java:401) [artemis-server-1.5.2.jar:1.5.2]
>         at org.apache.activemq.artemis.core.server.impl.ServerSessionImpl.createQueue(ServerSessionImpl.java:506) [artemis-server-1.5.2.jar:1.5.2]
>         at org.apache.activemq.artemis.core.protocol.mqtt.MQTTPublishManager.createManagementQueue(MQTTPublishManager.java:92) [artemis-mqtt-protocol-1.5.2.jar:]
>         at org.apache.activemq.artemis.core.protocol.mqtt.MQTTPublishManager.start(MQTTPublishManager.java:65) [artemis-mqtt-protocol-1.5.2.jar:]
>         at org.apache.activemq.artemis.core.protocol.mqtt.MQTTSession.start(MQTTSession.java:71) [artemis-mqtt-protocol-1.5.2.jar:]
>         at org.apache.activemq.artemis.core.protocol.mqtt.MQTTConnectionManager.connect(MQTTConnectionManager.java:83) [artemis-mqtt-protocol-1.5.2.jar:]
>         at org.apache.activemq.artemis.core.protocol.mqtt.MQTTProtocolHandler.handleConnect(MQTTProtocolHandler.java:163) [artemis-mqtt-protocol-1.5.2.jar:]
>         at org.apache.activemq.artemis.core.protocol.mqtt.MQTTProtocolHandler.channelRead(MQTTProtocolHandler.java:103) [artemis-mqtt-protocol-1.5.2.jar:]
>         at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:372) [netty-all-4.1.5.Final.jar:4.1.5.Final]
>         at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:358) [netty-all-4.1.5.Final.jar:4.1.5.Final]
>         at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:350) [netty-all-4.1.5.Final.jar:4.1.5.Final]
>         at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:293) [netty-all-4.1.5.Final.jar:4.1.5.Final]
>         at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:267) [netty-all-4.1.5.Final.jar:4.1.5.Final]
>         at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:372) [netty-all-4.1.5.Final.jar:4.1.5.Final]
>         at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:358) [netty-all-4.1.5.Final.jar:4.1.5.Final]
>         at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:350) [netty-all-4.1.5.Final.jar:4.1.5.Final]
>         at io.netty.handler.codec.ByteToMessageDecoder.handlerRemoved(ByteToMessageDecoder.java:219) [netty-all-4.1.5.Final.jar:4.1.5.Final]
>         at io.netty.channel.DefaultChannelPipeline.callHandlerRemoved0(DefaultChannelPipeline.java:631) [netty-all-4.1.5.Final.jar:4.1.5.Final]
>         at io.netty.channel.DefaultChannelPipeline.remove(DefaultChannelPipeline.java:468) [netty-all-4.1.5.Final.jar:4.1.5.Final]
>         at io.netty.channel.DefaultChannelPipeline.remove(DefaultChannelPipeline.java:428) [netty-all-4.1.5.Final.jar:4.1.5.Final]
>         at org.apache.activemq.artemis.core.protocol.ProtocolHandler$ProtocolDecoder.decode(ProtocolHandler.java:186) [artemis-server-1.5.2.jar:1.5.2]
>         at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:411) [netty-all-4.1.5.Final.jar:4.1.5.Final]
>         at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:248) [netty-all-4.1.5.Final.jar:4.1.5.Final]
>         at org.apache.activemq.artemis.core.protocol.ProtocolHandler$ProtocolDecoder.channelRead(ProtocolHandler.java:129) [artemis-server-1.5.2.jar:1.5.2]
>         at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:372) [netty-all-4.1.5.Final.jar:4.1.5.Final]
>         at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:358) [netty-all-4.1.5.Final.jar:4.1.5.Final]
>         at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:350) [netty-all-4.1.5.Final.jar:4.1.5.Final]
>         at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334) [netty-all-4.1.5.Final.jar:4.1.5.Final]
>         at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:372) [netty-all-4.1.5.Final.jar:4.1.5.Final]
>         at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:358) [netty-all-4.1.5.Final.jar:4.1.5.Final]
>         at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926) [netty-all-4.1.5.Final.jar:4.1.5.Final]
>         at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:129) [netty-all-4.1.5.Final.jar:4.1.5.Final]
>         at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:610) [netty-all-4.1.5.Final.jar:4.1.5.Final]
>         at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:551) [netty-all-4.1.5.Final.jar:4.1.5.Final]
>         at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:465) [netty-all-4.1.5.Final.jar:4.1.5.Final]
>         at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:437) [netty-all-4.1.5.Final.jar:4.1.5.Final]
>         at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:873) [netty-all-4.1.5.Final.jar:4.1.5.Final]
>         at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_91]
> {code}


