Posted to users@activemq.apache.org by hobojoe <go...@leidos.com> on 2019/07/02 19:56:58 UTC
Minimum security settings to consume
I recently tried to set up security following the Artemis security example. I
would like to have a read-only Topic like,
<addresses>
  <address name="some.topic.name">
    <multicast/>
  </address>
</addresses>
With consume only permissions like,
<security-settings>
  <security-setting match="some.topic.name">
    <permission roles="user" type="consume"/>
  </security-setting>
</security-settings>
When I try to connect to the broker I get the error:
Setup of JMS message listener invoker failed for destination
'some.topic.name' - trying to recover. Cause: AMQ119213: User: someUser does
not have permission='CREATE_NON_DURABLE_QUEUE' for queue.
If I change security to,
<security-settings>
  <security-setting match="some.topic.name">
    <permission roles="user" type="consume"/>
    <permission roles="user" type="createNonDurableQueue"/> <!-- added -->
  </security-setting>
</security-settings>
It works? Does this indicate that I set up the Topic incorrectly? Why would I
need to have createNonDurableQueue permissions just to consume?
Any help is appreciated.
Re: Minimum security settings to consume
Posted by Justin Bertram <jb...@apache.org>.
> It works?
Yes, it should work.
> Does this indicate that I set up the Topic incorrectly?
No.
> Why would I need to have createNonDurableQueue permissions just to consume?
JMS ideas are mapped onto concrete implementations in the broker. In your
case, a JMS "topic" is mapped onto the core implementation of an address
which supports multicast routing. When your JMS client wants to consume
from a topic it creates a "subscription" and then receives messages from
that subscription. This JMS "subscription" is mapped onto the core
implementation of a queue on the aforementioned multicast address. In the
case of a non-durable JMS subscriber the client creates a non-durable core
queue and therefore requires the "createNonDurableQueue" permission.
This is discussed in the documentation [1].
Justin
[1] http://activemq.apache.org/components/artemis/documentation/latest/jms-core-mapping.html
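As an added example (not part of this thread and not Artemis project code): a small Python check that reads the security-settings of a broker.xml and reports, for each role holding "consume", which kinds of subscription queue that role has no permission to create. It goes one step beyond the thread by also covering durable subscriptions, which need "createDurableQueue". The sample XML, the "auditor" and "publisher" roles and the function names are constructed for illustration, and each security-setting is examined on its own, without wildcard resolution.

```python
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the security-settings quoted in this thread.
SAMPLE_BROKER_XML = """
<core xmlns="urn:activemq:core">
  <security-settings>
    <security-setting match="some.topic.name">
      <permission roles="user" type="consume"/>
    </security-setting>
    <security-setting match="other.topic.name">
      <permission roles="user, auditor" type="consume"/>
      <permission roles="user" type="createNonDurableQueue"/>
      <permission roles="publisher" type="send"/>
    </security-setting>
  </security-settings>
</core>
"""

# Permission a subscriber needs besides "consume", by subscription kind.
QUEUE_PERMISSION = {"non-durable": "createNonDurableQueue",
                    "durable": "createDurableQueue"}

def local(tag):
    """Strip the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def subscriber_gaps(broker_xml):
    """Map (match, role) -> subscription kinds that role cannot create,
    for every role holding "consume" on a security-setting."""
    gaps = {}
    for setting in ET.fromstring(broker_xml).iter():
        if local(setting.tag) != "security-setting":
            continue
        granted = {}  # permission type -> roles holding it
        for perm in setting:
            if local(perm.tag) == "permission":
                roles = {r.strip() for r in perm.get("roles", "").split(",")}
                granted.setdefault(perm.get("type"), set()).update(roles - {""})
        for role in sorted(granted.get("consume", ())):
            missing = [kind for kind, needed in QUEUE_PERMISSION.items()
                       if role not in granted.get(needed, ())]
            if missing:
                gaps[(setting.get("match"), role)] = missing
    return gaps

if __name__ == "__main__":
    for (match, role), kinds in subscriber_gaps(SAMPLE_BROKER_XML).items():
        print(f"{match}: '{role}' may consume but cannot create a "
              f"{' or '.join(kinds)} subscription queue")
```

A role listed with only "durable" missing, such as "user" on other.topic.name in the sample, matches the working configuration from the thread: it can subscribe non-durably and still cannot send.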