Adrian Quiambao created AMQ-7213:
------------------------------------
Summary: Slave broker does not reload or initialized the
configuration (activemq.xml)
Key: AMQ-7213
URL: https://issues.apache.org/jira/browse/AMQ-7213
Project: ActiveMQ
Issue Type: Bug
Affects Versions: 5.15.9, 5.14.0
Environment: ActiveMQ Version: 5.15.9
Master-slave setup: Shared File System Master Slave
Java application that is connecting to the ActiveMQ
Reporter: Adrian Quiambao
Hi, we're currently experiencing an issue with regards to master-slave setup.
So the problem is when the current master broker becomes a slave and the slave
broker becomes master, all users that were connected to the old master broker
will try to connect to the new master broker. But it seems like that the
permission of users was not carried over because we can see on our logs that:
{code:java}
//2019-05-17 10:35:45,823 | WARN | Security Error occurred on connection to:
tcp://10.1.240.158:60302, User testaq5 is not authorized to write to:
topic://testaq5.statistics |
org.apache.activemq.broker.TransportConnection.Service | ActiveMQ Transport:
tcp:///10.1.240.158:60302@61616
2019-05-17 10:35:46,310 | WARN | Security Error occurred on connection to:
tcp://10.1.240.158:60302, User testaq5 is not authorized to read from:
queue://testaq5.io.toro.integrate.Tracker |
org.apache.activemq.broker.TransportConnection.Service | ActiveMQ Transport:
tcp:///10.1.240.158:60302@61616
2019-05-17 10:35:46,311 | WARN | Security Error occurred on connection to:
tcp://10.1.240.158:60302, User testaq5 is not authorized to read from:
topic://testaq5.web-socket |
org.apache.activemq.broker.TransportConnection.Service | ActiveMQ Transport:
tcp:///10.1.240.158:60302@61616
2019-05-17 10:35:46,312 | WARN | Security Error occurred on connection to:
tcp://10.1.240.158:60302, User testaq5 is not authorized to read from:
queue://testaq5.io.toro.integrate.Monitor |
org.apache.activemq.broker.TransportConnection.Service | ActiveMQ Transport:
tcp:///10.1.240.158:60302@61616
2019-05-17 10:35:50,820 | WARN | Security Error occurred on connection to:
tcp://10.1.240.158:60302, User testaq5 is not authorized to write to:
topic://testaq5.statistics |
org.apache.activemq.broker.TransportConnection.Service | ActiveMQ Transport:
tcp:///10.1.240.158:60302@61616
{code}
To remove this error, we need to update a dummy user (authorization entry) on
the "activemq.xml" of the new master broker then the runtime scheduler of
ActiveMQ will be then triggered:
{code:java}
org.apache.activemq.plugin.RuntimeConfigurationBroker
{code}
This would then reinitialized all authorization entry on the new master broker.
How to reproduce?
# Run broker 1 and broker 2
# Add security to broker 1's activemq.xml
# Copy broker1's activemq.xml to broker 2
# Start java application
# Verify Java application can access broker 1
# Stop broker 1 - java application connects to broker 2
# Verify java application can access broker 2.
On the Java application, this would be the error:
{code:java}
//Caused by: java.lang.SecurityException: User bong1 is not authorized to write
to: topic://bong1.logs 843 at
org.apache.activemq.security.AuthorizationBroker.addProducer(AuthorizationBroker.java:199)
844 at
org.apache.activemq.broker.MutableBrokerFilter.addProducer(MutableBrokerFilter.java:113)
845 at
org.apache.activemq.broker.TransportConnection.processAddProducer(TransportConnection.java:650)
846 at org.apache.activemq.command.ProducerInfo.visit(ProducerInfo.java:108)
{code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
