Himer MARTINEZ created ARTEMIS-990:
--------------------------------------

             Summary: AMQ119032: User: Customer does not have 
permission='CREATE_DURABLE_QUEUE' on address $sys.mqtt.queue.qos2
                 Key: ARTEMIS-990
                 URL: https://issues.apache.org/jira/browse/ARTEMIS-990
             Project: ActiveMQ Artemis
          Issue Type: Bug
          Components: Broker
    Affects Versions: 1.5.3
         Environment: RHEL 7
            Reporter: Himer MARTINEZ


Hello Guys,

We are experiencing the following issue with MQTT: the broker disconnects the client while it is connecting and logs this error:

*AMQ119032: User: Customer does not have 
permission='CREATE_DURABLE_QUEUE' on address 
$sys.mqtt.queue.qos2.0a971d7ad7de58aea7c0*

{code:title=MQTTBasicPubSubExample.java|borderStyle=solid}

package com.mycompany.mqtt;

import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;

import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.fusesource.hawtbuf.UTF8Buffer;
import org.fusesource.mqtt.client.BlockingConnection;
import org.fusesource.mqtt.client.MQTT;
import org.fusesource.mqtt.client.Message;
import org.fusesource.mqtt.client.QoS;
import org.fusesource.mqtt.client.Topic;

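/**
 * A simple MQTT publish and subscribe example.
 *
 * <p>Connects to the broker with a fixed user name and password, subscribes to
 * {@code digital/test/data}, publishes one message to that topic and prints the
 * payload of the message it receives back.
 */
public class MQTTBasicPubSubExample {

   /**
    * Runs the connect / subscribe / publish / receive round trip once.
    *
    * @param args unused
    * @throws Exception if connecting, subscribing, publishing or receiving fails
    */
   public static void main(final String[] args) throws Exception {
      // Create a new MQTT connection to the broker.  We are not setting the
      // client ID.  The broker will pick one for us.
      System.out.println("Connecting to Artemis using MQTT");
      MQTT mqtt = new MQTT();
      mqtt.setConnectAttemptsMax(2);
      mqtt.setReconnectAttemptsMax(1);

      // NOTE(review): the credentials are hard-coded for this reproduction only.
      // A real client should load them from configuration or the environment and
      // keep them out of source control.
      mqtt.setUserName("Customer");
      mqtt.setPassword("customerpwd");

      // The ssl:// scheme requests a TLS connection. No SSLContext is set here, so
      // the client presumably falls back to the JVM default trust store; confirm
      // that the broker certificate is trusted there.
      mqtt.setHost("ssl://localhost:1883");
      BlockingConnection connection = mqtt.blockingConnection();
      connection.connect();
      System.out.println("Connected to Artemis");

      try {
         // Subscribe to topics
         Topic[] topics = {new Topic("digital/test/data", QoS.AT_LEAST_ONCE)};
         System.out.println("start subscribe");
         connection.subscribe(topics);
         System.out.println("end subscribe");

         System.out.println("Subscribed to topics.");

         // Publish Messages
         String payload4 = "This is message 4";

         System.out.println("start publish");
         // Encode explicitly as UTF-8 so the bytes do not depend on the platform charset.
         connection.publish("digital/test/data",
               payload4.getBytes(java.nio.charset.StandardCharsets.UTF_8),
               QoS.AT_MOST_ONCE, false);
         System.out.println("end publish");
         System.out.println("Sent messages.");

         // receive() with a timeout returns null when nothing arrives in time, so
         // guard before dereferencing instead of failing with a NullPointerException.
         Message message4 = connection.receive(5, TimeUnit.SECONDS);
         if (message4 == null) {
            System.out.println("No message received within 5 seconds.");
         } else {
            System.out.println("Received messages.");
            System.out.println(
                  new String(message4.getPayload(), java.nio.charset.StandardCharsets.UTF_8));
            message4.ack();
         }
      } finally {
         // Release the connection even when subscribe, publish or receive fails.
         // Skip the call if the broker has already dropped the connection.
         if (connection.isConnected()) {
            connection.disconnect();
         }
      }
   }
}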

{code}


{code:title=broker.xml|borderStyle=solid}
<?xml version='1.0'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements.  See the NOTICE file
distributed with this work for additional information
regarding copyright ownership.  The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License.  You may obtain a copy of the License at

  http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied.  See the License for the
specific language governing permissions and limitations
under the License.
-->

<configuration xmlns="urn:activemq"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xsi:schemaLocation="urn:activemq 
/schema/artemis-configuration.xsd">

   <jms xmlns="urn:activemq:jms">
      <queue name="DLQ"/>
      <queue name="ExpiryQueue"/>

   </jms>

   <core xmlns="urn:activemq:core">

      <name>localhost</name>

      <persistence-enabled>true</persistence-enabled>

      <!-- this could be ASYNCIO or NIO
       -->
      <journal-type>ASYNCIO</journal-type>

      <paging-directory>/artemis/datas/paging</paging-directory>

      <bindings-directory>/artemis/datas/bindings</bindings-directory>

      <journal-directory>/artemis/datas/journal</journal-directory>

      
<large-messages-directory>/artemis/datas/large-messages</large-messages-directory>

      <journal-datasync>true</journal-datasync>

      <journal-min-files>2</journal-min-files>

      <journal-pool-files>-1</journal-pool-files>

      <!--
        You can specify the NIC you want to use to verify if the network
         <network-check-NIC>theNickName</network-check-NIC>
        -->

      <!--
        Use this to use an HTTP server to validate the network
         <network-check-URL-list>http://www.apache.org</network-check-URL-list> 
-->

      <!-- <network-check-period>10000</network-check-period> -->
      <!-- <network-check-timeout>1000</network-check-timeout> -->

      <!-- This is a comma-separated list (no spaces) of DNS names or IPs;
           it should accept IPv6.

           Warning: make sure you understand your network topology, as this is
           meant to check whether your network is valid.
           Using IPs that could eventually disappear or be only partially
           visible may defeat the purpose.
           You can list multiple IPs; any single successful ping is enough for
           the server to continue running. -->
      <!-- <network-check-list>10.0.0.1</network-check-list> -->

      <!-- use this to customize the ping used for ipv4 addresses -->
      <!-- <network-check-ping-command>ping -c 1 -t %d 
%s</network-check-ping-command> -->

      <!-- use this to customize the ping used for ipv6 addresses -->
      <!-- <network-check-ping6-command>ping6 -c 1 
%2$s</network-check-ping6-command> -->
      <!--
       This value was determined through a calculation.
       Your system could perform 1 writes per millisecond
       on the current journal configuration.
       That translates as a sync write every 1004000 nanoseconds
      -->
      <journal-buffer-timeout>1004000</journal-buffer-timeout>

    <connectors>
        <!-- Connector used to be announced through cluster connections and 
notifications -->
        <connector name="artemis">tcp://localhost:61616</connector>
    </connectors>

    <ha-policy>
      <shared-store>
        <master>
           <failover-on-shutdown>true</failover-on-shutdown>
        </master>
      </shared-store>
    </ha-policy>

      <!-- how often we are looking for how many bytes are being used on the 
disk in ms -->
      <disk-scan-period>5000</disk-scan-period>

      <!-- once the disk hits this limit the system will block, or close the 
connection in certain protocols
           that won't support flow control. -->
      <max-disk-usage>90</max-disk-usage>

      <!-- the system will enter into page mode once you hit this limit.
           This is an estimate in bytes of how much the messages are using in 
memory -->
      <global-max-size>104857600</global-max-size>

      <acceptors>
         <!-- Acceptor for every supported protocol -->
         <acceptor 
name="artemis">tcp://localhost:61616?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE</acceptor>

         <!-- AMQP Acceptor.  Listens on default AMQP port for AMQP traffic.-->
         <acceptor name="amqp">tcp://localhost:5672?protocols=AMQP</acceptor>

         <!-- STOMP Acceptor. -->
         <acceptor name="stomp">tcp://localhost:61613?protocols=STOMP</acceptor>

         <!-- HornetQ Compatibility Acceptor.  Enables HornetQ Core and STOMP 
for legacy HornetQ clients. -->
         <acceptor 
name="hornetq">tcp://localhost:5445?protocols=HORNETQ,STOMP</acceptor>

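         <!-- MQTT Acceptor: TLS is enabled on port 1883. Note that the keystore
              password is written in clear text in the acceptor URI below. -->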
                 <acceptor 
name="mqtt">tcp://localhost:1883?protocols=MQTT;sslEnabled=true;keyStorePath=/artemis/brokers/certificats/keystore.jks;keyStorePassword=artemispwd</acceptor>
      </acceptors>

      <cluster-user>AdminCluster</cluster-user>

      <cluster-password>AdminCluster</cluster-password>

      <broadcast-groups>
         <broadcast-group name="bg-group1">
            <group-address>231.7.7.7</group-address>
            <group-port>9876</group-port>
            <broadcast-period>5000</broadcast-period>
            <connector-ref>artemis</connector-ref>
         </broadcast-group>
      </broadcast-groups>

      <discovery-groups>
         <discovery-group name="dg-group1">
            <group-address>231.7.7.7</group-address>
            <group-port>9876</group-port>
            <refresh-timeout>10000</refresh-timeout>
         </discovery-group>
      </discovery-groups>

      <cluster-connections>
         <cluster-connection name="my-cluster">
            <address>jms</address>
            <connector-ref>artemis</connector-ref>
            <message-load-balancing>ON_DEMAND</message-load-balancing>
            <max-hops>0</max-hops>
            <discovery-group-ref discovery-group-name="dg-group1"/>
         </cluster-connection>
      </cluster-connections>

      <security-enabled>true</security-enabled>

      <security-settings>
         <security-setting match="#">
            <permission type="createNonDurableQueue" roles="Digital"/>
            <permission type="deleteNonDurableQueue" roles="Digital"/>
            <permission type="createDurableQueue" roles="Digital"/>
            <permission type="deleteDurableQueue" roles="Digital"/>
            <permission type="consume" roles="Digital"/>
            <permission type="browse" roles="Digital"/>
            <permission type="send" roles="Digital"/-->
            <!-- we need this otherwise ./artemis data imp wouldn't work -->
            <permission type="manage" roles="Digital"/>
         </security-setting-->
         <security-setting match="digital.test.#">
            <!-- permission type="createNonDurableQueue" roles="Commerce"/-->
            <!--permission type="deleteNonDurableQueue" 
roles="digital,Commerce"/-->
            <!--permission type="createDurableQueue" roles="Commerce"/-->
            <!--permission type="deleteDurableQueue" 
roles="digital,Commerce"/-->
                        <!-- permission type="consume" roles="Commerce"/-->
            <!-- permission type="browse" roles="Commerce"/-->
            <permission type="send" roles="Client"/>
            <!-- permission type="manage" roles="Commerce" /-->
         </security-setting>
      </security-settings>


<queues>
   <queue name="digital.test.data">
      <durable>true</durable>
    </queue>
</queues>


      <address-settings>
         <!--default for catch all-->
         <address-setting match="#">
            <dead-letter-address>jms.queue.DLQ</dead-letter-address>
            <expiry-address>jms.queue.ExpiryQueue</expiry-address>
            <redelivery-delay>0</redelivery-delay>
            <!-- with -1 only the global-max-size is in use for limiting -->
            <max-size-bytes>-1</max-size-bytes>
            
<message-counter-history-day-limit>1</message-counter-history-day-limit>
            <address-full-policy>PAGE</address-full-policy>
            <expiry-delay>10</expiry-delay>
         </address-setting>
      </address-settings>
   </core>
</configuration>
{code}


{code:title=Issue on client side|borderStyle=solid}
Exception in thread "main" java.io.EOFException: Peer disconnected
        at 
org.fusesource.hawtdispatch.transport.AbstractProtocolCodec.read(AbstractProtocolCodec.java:331)
        at 
org.fusesource.hawtdispatch.transport.TcpTransport.drainInbound(TcpTransport.java:710)
        at 
org.fusesource.hawtdispatch.transport.TcpTransport$6.run(TcpTransport.java:592)
        at 
org.fusesource.hawtdispatch.internal.NioDispatchSource$3.run(NioDispatchSource.java:209)
        at 
org.fusesource.hawtdispatch.internal.SerialDispatchQueue.run(SerialDispatchQueue.java:100)
        at 
org.fusesource.hawtdispatch.internal.pool.SimpleThread.run(SimpleThread.java:77)
{code}


{code:title=artemis log file extract|borderStyle=solid}
10:13:37,116 DEBUG 
[org.apache.activemq.artemis.core.postoffice.impl.PostOfficeImpl] Couldn't find 
any bindings for address=activemq.notifications on 
message=ServerMessage[messageID=234572,durable=true,userID=null,priority=0, 
bodySize=512, timestamp=0,expiration=Thu Feb 23 10:13:37 CET 2017, 
durable=true, 
address=activemq.notifications,properties=TypedProperties[_AMQ_User=Customer,_AMQ_Address=$sys.mqtt.queue.qos2.0a971d7ad7de58aea7c0,_AMQ_NotifType=SECURITY_PERMISSION_VIOLATION,_AMQ_NotifTimestamp=1487841217116,_AMQ_CheckType=CREATE_DURABLE_QUEUE]]@1241929264
10:13:37,116 DEBUG 
[org.apache.activemq.artemis.core.postoffice.impl.PostOfficeImpl] Message 
ServerMessage[messageID=234572,durable=true,userID=null,priority=0, 
bodySize=512, timestamp=0,expiration=Thu Feb 23 10:13:37 CET 2017, 
durable=true, 
address=activemq.notifications,properties=TypedProperties[_AMQ_User=Customer,_AMQ_Address=$sys.mqtt.queue.qos2.0a971d7ad7de58aea7c0,_AMQ_NotifType=SECURITY_PERMISSION_VIOLATION,_AMQ_NotifTimestamp=1487841217116,_AMQ_CheckType=CREATE_DURABLE_QUEUE]]@1241929264
 is not going anywhere as it didn't have a binding on 
address:activemq.notifications
10:13:37,116 DEBUG [org.apache.activemq.artemis.core.protocol.mqtt] Error 
processing Control Packet, Disconnecting Client: 
ActiveMQSecurityException[errorType=SECURITY_EXCEPTION message=AMQ119032: User: 
Customer does not have permission='CREATE_DURABLE_QUEUE' on address 
$sys.mqtt.queue.qos2.0a971d7ad7de58aea7c0]
        at 
org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.check(SecurityStoreImpl.java:201)
 [artemis-server-1.5.2.jar:1.5.2]
        at 
org.apache.activemq.artemis.core.server.impl.ServerSessionImpl.securityCheck(ServerSessionImpl.java:401)
 [artemis-server-1.5.2.jar:1.5.2]
        at 
org.apache.activemq.artemis.core.server.impl.ServerSessionImpl.createQueue(ServerSessionImpl.java:506)
 [artemis-server-1.5.2.jar:1.5.2]
        at 
org.apache.activemq.artemis.core.protocol.mqtt.MQTTPublishManager.createManagementQueue(MQTTPublishManager.java:92)
 [artemis-mqtt-protocol-1.5.2.jar:]
        at 
org.apache.activemq.artemis.core.protocol.mqtt.MQTTPublishManager.start(MQTTPublishManager.java:65)
 [artemis-mqtt-protocol-1.5.2.jar:]
        at 
org.apache.activemq.artemis.core.protocol.mqtt.MQTTSession.start(MQTTSession.java:71)
 [artemis-mqtt-protocol-1.5.2.jar:]
        at 
org.apache.activemq.artemis.core.protocol.mqtt.MQTTConnectionManager.connect(MQTTConnectionManager.java:83)
 [artemis-mqtt-protocol-1.5.2.jar:]
        at 
org.apache.activemq.artemis.core.protocol.mqtt.MQTTProtocolHandler.handleConnect(MQTTProtocolHandler.java:163)
 [artemis-mqtt-protocol-1.5.2.jar:]
        at 
org.apache.activemq.artemis.core.protocol.mqtt.MQTTProtocolHandler.channelRead(MQTTProtocolHandler.java:103)
 [artemis-mqtt-protocol-1.5.2.jar:]
        at 
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:372)
 [netty-all-4.1.5.Final.jar:4.1.5.Final]
        at 
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:358)
 [netty-all-4.1.5.Final.jar:4.1.5.Final]
        at 
io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:350)
 [netty-all-4.1.5.Final.jar:4.1.5.Final]
        at 
io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:293)
 [netty-all-4.1.5.Final.jar:4.1.5.Final]
        at 
io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:267)
 [netty-all-4.1.5.Final.jar:4.1.5.Final]
        at 
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:372)
 [netty-all-4.1.5.Final.jar:4.1.5.Final]
        at 
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:358)
 [netty-all-4.1.5.Final.jar:4.1.5.Final]
        at 
io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:350)
 [netty-all-4.1.5.Final.jar:4.1.5.Final]
        at 
io.netty.handler.codec.ByteToMessageDecoder.handlerRemoved(ByteToMessageDecoder.java:219)
 [netty-all-4.1.5.Final.jar:4.1.5.Final]
        at 
io.netty.channel.DefaultChannelPipeline.callHandlerRemoved0(DefaultChannelPipeline.java:631)
 [netty-all-4.1.5.Final.jar:4.1.5.Final]
        at 
io.netty.channel.DefaultChannelPipeline.remove(DefaultChannelPipeline.java:468) 
[netty-all-4.1.5.Final.jar:4.1.5.Final]
        at 
io.netty.channel.DefaultChannelPipeline.remove(DefaultChannelPipeline.java:428) 
[netty-all-4.1.5.Final.jar:4.1.5.Final]
        at 
org.apache.activemq.artemis.core.protocol.ProtocolHandler$ProtocolDecoder.decode(ProtocolHandler.java:186)
 [artemis-server-1.5.2.jar:1.5.2]
        at 
io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:411)
 [netty-all-4.1.5.Final.jar:4.1.5.Final]
        at 
io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:248)
 [netty-all-4.1.5.Final.jar:4.1.5.Final]
        at 
org.apache.activemq.artemis.core.protocol.ProtocolHandler$ProtocolDecoder.channelRead(ProtocolHandler.java:129)
 [artemis-server-1.5.2.jar:1.5.2]
        at 
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:372)
 [netty-all-4.1.5.Final.jar:4.1.5.Final]
        at 
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:358)
 [netty-all-4.1.5.Final.jar:4.1.5.Final]
        at 
io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:350)
 [netty-all-4.1.5.Final.jar:4.1.5.Final]
        at 
io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334)
 [netty-all-4.1.5.Final.jar:4.1.5.Final]
        at 
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:372)
 [netty-all-4.1.5.Final.jar:4.1.5.Final]
        at 
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:358)
 [netty-all-4.1.5.Final.jar:4.1.5.Final]
        at 
io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926)
 [netty-all-4.1.5.Final.jar:4.1.5.Final]
        at 
io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:129)
 [netty-all-4.1.5.Final.jar:4.1.5.Final]
        at 
io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:610) 
[netty-all-4.1.5.Final.jar:4.1.5.Final]
        at 
io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:551)
 [netty-all-4.1.5.Final.jar:4.1.5.Final]
        at 
io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:465) 
[netty-all-4.1.5.Final.jar:4.1.5.Final]
        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:437) 
[netty-all-4.1.5.Final.jar:4.1.5.Final]
        at 
io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:873)
 [netty-all-4.1.5.Final.jar:4.1.5.Final]
        at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_91]
{code}




