You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "Matt Pavlovich (Jira)" <ji...@apache.org> on 2021/03/09 21:50:00 UTC
[jira] [Commented] (AMQ-7213) Slave broker does not reload or
initialized the configuration (activemq.xml)
[ https://issues.apache.org/jira/browse/AMQ-7213?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17298385#comment-17298385 ]
Matt Pavlovich commented on AMQ-7213:
-------------------------------------
Please share the full activemq.xml to help troubleshoot.
Also, it would be helpful if you were to retest this with 5.15.14 as there were some updates to fix the RuntimeConfigurationPlugin. This sounds like the secondary (aka slave) node did not reload the configuration entries, but with the fixes in 5.15.14 should work for you.
> Slave broker does not reload or initialized the configuration (activemq.xml)
> ----------------------------------------------------------------------------
>
> Key: AMQ-7213
> URL: https://issues.apache.org/jira/browse/AMQ-7213
> Project: ActiveMQ
> Issue Type: Bug
> Affects Versions: 5.14.0, 5.15.9
> Environment: ActiveMQ Version: 5.15.9
> Master-slave setup: Shared File System Master Slave
> Java application that is connecting to the ActiveMQ
> Reporter: Adrian Quiambao
> Assignee: Matt Pavlovich
> Priority: Major
>
> Hi, we're currently experiencing an issue with regards to master-slave setup.
> So the problem is when the current master broker becomes a slave and the slave broker becomes master, all users that were connected to the old master broker will try to connect to the new master broker. But it seems like that the permission of users was not carried over because we can see on our logs that:
>
> {code:java}
> //2019-05-17 10:35:45,823 | WARN | Security Error occurred on connection to: tcp://10.1.240.158:60302, User testaq5 is not authorized to write to: topic://testaq5.statistics | org.apache.activemq.broker.TransportConnection.Service | ActiveMQ Transport: tcp:///10.1.240.158:60302@61616
> 2019-05-17 10:35:46,310 | WARN | Security Error occurred on connection to: tcp://10.1.240.158:60302, User testaq5 is not authorized to read from: queue://testaq5.io.toro.integrate.Tracker | org.apache.activemq.broker.TransportConnection.Service | ActiveMQ Transport: tcp:///10.1.240.158:60302@61616
> 2019-05-17 10:35:46,311 | WARN | Security Error occurred on connection to: tcp://10.1.240.158:60302, User testaq5 is not authorized to read from: topic://testaq5.web-socket | org.apache.activemq.broker.TransportConnection.Service | ActiveMQ Transport: tcp:///10.1.240.158:60302@61616
> 2019-05-17 10:35:46,312 | WARN | Security Error occurred on connection to: tcp://10.1.240.158:60302, User testaq5 is not authorized to read from: queue://testaq5.io.toro.integrate.Monitor | org.apache.activemq.broker.TransportConnection.Service | ActiveMQ Transport: tcp:///10.1.240.158:60302@61616
> 2019-05-17 10:35:50,820 | WARN | Security Error occurred on connection to: tcp://10.1.240.158:60302, User testaq5 is not authorized to write to: topic://testaq5.statistics | org.apache.activemq.broker.TransportConnection.Service | ActiveMQ Transport: tcp:///10.1.240.158:60302@61616
> {code}
>
> To remove this error, we need to update a dummy user (authorization entry) on the "activemq.xml" of the new master broker then the runtime scheduler of ActiveMQ will be then triggered:
> {code:java}
> org.apache.activemq.plugin.RuntimeConfigurationBroker
> {code}
> This would then reinitialized all authorization entry on the new master broker.
>
> How to reproduce?
> # Run broker 1 and broker 2
> # Add security to broker 1's activemq.xml
> # Copy broker1's activemq.xml to broker 2
> # Start java application
> # Verify Java application can access broker 1
> # Stop broker 1 - java application connects to broker 2
> # Verify java application can access broker 2.
> On the Java application, this would be the error:
> {code:java}
> //Caused by: java.lang.SecurityException: User bong1 is not authorized to write to: topic://bong1.logs 843 at org.apache.activemq.security.AuthorizationBroker.addProducer(AuthorizationBroker.java:199) 844 at org.apache.activemq.broker.MutableBrokerFilter.addProducer(MutableBrokerFilter.java:113) 845 at org.apache.activemq.broker.TransportConnection.processAddProducer(TransportConnection.java:650) 846 at org.apache.activemq.command.ProducerInfo.visit(ProducerInfo.java:108)
> {code}
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)