[
https://issues.apache.org/jira/browse/ARTEMIS-5943?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Desmedt updated ARTEMIS-5943:
-------------------------------------
Description:
When I login with a valid user (not admin), this user does not have access to
the "send message" operation in the console even tough its group is listed in
the roles for
{code:java}
access method="send*" ... />{code}
FQQN and details
inn.first.classic.debt.event
||Attribute||Value||
|AcknowledgeAttempts|0|
|Address|inn.first.classic.debt.event|
|AutoDelete|false|
|ConfigurationManaged|true|
|ConsumerCount|0|
|ConsumersBeforeDispatch|0|
|DeadLetterAddress|DLQ.inn.first.classic.debt.event|
|DelayBeforeDispatch|-1|
|DeliveringCount|0|
|DeliveringSize|0|
|Durable|true|
|DurableDeliveringCount|0|
|DurableDeliveringSize|0|
|DurableMessageCount|0|
|DurablePersistentSize|0|
|DurableScheduledCount|0|
|DurableScheduledSize|0|
|Enabled|true|
|Exclusive|false|
|ExpiryAddress|ExpiryQueue|
|Filter|MESSAGE_PRODUCER <> 'firstapp'|
|FirstMessageAge|null|
|FirstMessageAsJSON|[{}]|
|FirstMessageTimestamp|null|
|GroupBuckets|-1|
|GroupCount|0|
|GroupFirstKey|null|
|GroupRebalance|false|
|GroupRebalancePauseDispatch|false|
|ID|591|
|InternalQueue|false|
|LastValue|false|
|LastValueKey|null|
|MaxConsumers|-1|
|MessageCount|0|
|MessagesAcknowledged|0|
|MessagesAdded|0|
|MessagesExpired|0|
|MessagesKilled|0|
|Name|inn.first.classic.debt.event|
|Paused|false|
|PersistedPause|false|
|PersistentSize|0|
|PreparedTransactionMessageCount|0|
|PurgeOnNoConsumers|false|
|RetroactiveResource|false|
|RingSize|-1|
|RoutingType|ANYCAST|
|ScheduledCount|0|
|ScheduledSize|0|
|Temporary|false|
|User|null|
screenshots:
context menu on address:
!address_context_menu_nosend.png!
operations on address
!address_operations_nosend.png!
context menu on queue:
!queue_context_menu_nosend.png!
operations on queue:
!queue_operations_nosend.png!
- cluster composed on 3 primary/backup pairs
extract of relevant files :
management.xml
{code:java}
<match domain="org.apache.activemq.artemis"
key="address=inn.first.classic.debt.event"> <access
method="count*" roles="amq,readonly,gPerceptionDebt,gDmetl,gInnRead,gFirst"/>
<access method="browse*"
roles="amq,readonly,gPerceptionDebt,gDmetl,gInnRead,gFirst"/>
<access method="list*"
roles="amq,readonly,gPerceptionDebt,gDmetl,gInnRead,gFirst"/>
<access method="get*"
roles="amq,readonly,gPerceptionDebt,gDmetl,gInnRead,gFirst"/>
<access method="is*"
roles="amq,readonly,gPerceptionDebt,gDmetl,gInnRead,gFirst"/>
<!-- give ability to send and remove messages from queues to users who
have write permissions --> <access method="send*"
roles="amq,gFirst,gDmetl"/> <access method="remove*"
roles="amq,gFirst,gDmetl"/> <!-- end -->
<access method="set*" roles="amq"/> <access
method="*" roles="amq"/> </match>
<match domain="org.apache.activemq.artemis"
key="queue=inn.first.classic.debt.event"> <access
method="count*" roles="amq,readonly,gPerceptionDebt,gDmetl,gInnRead,gFirst"/>
<access method="browse*"
roles="amq,readonly,gPerceptionDebt,gDmetl,gInnRead,gFirst"/>
<access method="list*"
roles="amq,readonly,gPerceptionDebt,gDmetl,gInnRead,gFirst"/>
<access method="get*"
roles="amq,readonly,gPerceptionDebt,gDmetl,gInnRead,gFirst"/>
<access method="is*"
roles="amq,readonly,gPerceptionDebt,gDmetl,gInnRead,gFirst"/>
<!-- give ability to send and remove messages from queues to users
who have write permissions --> <access
method="send*" roles="amq,gFirst,gDmetl"/> <access
method="remove*" roles="amq,gFirst,gDmetl"/> <!--
end --> <access method="set*" roles="amq"/>
<access method="*" roles="amq"/>
</match>
{code}
artemis-roles.properties
{code:java}
gFirst = firstapp {code}
any other file or operation on server available on request.
was:
When I login with a valid user (not admin), this user does not have access to
the "send message" operation in the console even tough its group is listed in
the roles for
{code:java}
access method="send*" ... />{code}
FQQN and details
inn.first.classic.debt.event
||Attribute||Value||
|AcknowledgeAttempts|0|
|Address|inn.first.classic.debt.event|
|AutoDelete|false|
|ConfigurationManaged|true|
|ConsumerCount|0|
|ConsumersBeforeDispatch|0|
|DeadLetterAddress|DLQ.inn.first.classic.debt.event|
|DelayBeforeDispatch|-1|
|DeliveringCount|0|
|DeliveringSize|0|
|Durable|true|
|DurableDeliveringCount|0|
|DurableDeliveringSize|0|
|DurableMessageCount|0|
|DurablePersistentSize|0|
|DurableScheduledCount|0|
|DurableScheduledSize|0|
|Enabled|true|
|Exclusive|false|
|ExpiryAddress|ExpiryQueue|
|Filter|MESSAGE_PRODUCER <> 'firstapp'|
|FirstMessageAge|null|
|FirstMessageAsJSON|[{}]|
|FirstMessageTimestamp|null|
|GroupBuckets|-1|
|GroupCount|0|
|GroupFirstKey|null|
|GroupRebalance|false|
|GroupRebalancePauseDispatch|false|
|ID|591|
|InternalQueue|false|
|LastValue|false|
|LastValueKey|null|
|MaxConsumers|-1|
|MessageCount|0|
|MessagesAcknowledged|0|
|MessagesAdded|0|
|MessagesExpired|0|
|MessagesKilled|0|
|Name|inn.first.classic.debt.event|
|Paused|false|
|PersistedPause|false|
|PersistentSize|0|
|PreparedTransactionMessageCount|0|
|PurgeOnNoConsumers|false|
|RetroactiveResource|false|
|RingSize|-1|
|RoutingType|ANYCAST|
|ScheduledCount|0|
|ScheduledSize|0|
|Temporary|false|
|User|null|
screenshots:
context menu on address:
!address_context_menu_nosend.png!
operations on address
!address_operations_nosend.png!
context menu on queue:
!queue_context_menu_nosend.png!
operations on queue:
!queue_operations_nosend.png!
Environment:
was:
- cluster composed on 3 primary/backup pairs
extract of relevant files :
management.xml
{code:java}
<match domain="org.apache.activemq.artemis"
key="address=inn.first.classic.debt.event"> <access
method="count*" roles="amq,readonly,gPerceptionDebt,gDmetl,gInnRead,gFirst"/>
<access method="browse*"
roles="amq,readonly,gPerceptionDebt,gDmetl,gInnRead,gFirst"/>
<access method="list*"
roles="amq,readonly,gPerceptionDebt,gDmetl,gInnRead,gFirst"/>
<access method="get*"
roles="amq,readonly,gPerceptionDebt,gDmetl,gInnRead,gFirst"/>
<access method="is*"
roles="amq,readonly,gPerceptionDebt,gDmetl,gInnRead,gFirst"/>
<!-- give ability to send and remove messages from queues to users who
have write permissions --> <access method="send*"
roles="amq,gFirst,gDmetl"/> <access method="remove*"
roles="amq,gFirst,gDmetl"/> <!-- end -->
<access method="set*" roles="amq"/> <access
method="*" roles="amq"/> </match>
<match domain="org.apache.activemq.artemis"
key="queue=inn.first.classic.debt.event"> <access
method="count*" roles="amq,readonly,gPerceptionDebt,gDmetl,gInnRead,gFirst"/>
<access method="browse*"
roles="amq,readonly,gPerceptionDebt,gDmetl,gInnRead,gFirst"/>
<access method="list*"
roles="amq,readonly,gPerceptionDebt,gDmetl,gInnRead,gFirst"/>
<access method="get*"
roles="amq,readonly,gPerceptionDebt,gDmetl,gInnRead,gFirst"/>
<access method="is*"
roles="amq,readonly,gPerceptionDebt,gDmetl,gInnRead,gFirst"/>
<!-- give ability to send and remove messages from queues to users
who have write permissions --> <access
method="send*" roles="amq,gFirst,gDmetl"/> <access
method="remove*" roles="amq,gFirst,gDmetl"/> <!--
end --> <access method="set*" roles="amq"/>
<access method="*" roles="amq"/>
</match>
{code}
artemis-roles.properties
{code:java}
gFirst = firstapp {code}
any other file or operation on server available on request.
> user does not have the possibility to send a message from the console
> ---------------------------------------------------------------------
>
> Key: ARTEMIS-5943
> URL: https://issues.apache.org/jira/browse/ARTEMIS-5943
> Project: Artemis
> Issue Type: Bug
> Components: Web Console
> Affects Versions: 2.52.0
> Environment:
>
> Reporter: Michael Desmedt
> Priority: Major
> Attachments: address_context_menu_nosend.png,
> address_operations_nosend.png, queue_context_menu_nosend.png,
> queue_operations_nosend.png
>
>
> When I login with a valid user (not admin), this user does not have access to
> the "send message" operation in the console even tough its group is listed in
> the roles for
> {code:java}
> access method="send*" ... />{code}
> FQQN and details
> inn.first.classic.debt.event
>
> ||Attribute||Value||
> |AcknowledgeAttempts|0|
> |Address|inn.first.classic.debt.event|
> |AutoDelete|false|
> |ConfigurationManaged|true|
> |ConsumerCount|0|
> |ConsumersBeforeDispatch|0|
> |DeadLetterAddress|DLQ.inn.first.classic.debt.event|
> |DelayBeforeDispatch|-1|
> |DeliveringCount|0|
> |DeliveringSize|0|
> |Durable|true|
> |DurableDeliveringCount|0|
> |DurableDeliveringSize|0|
> |DurableMessageCount|0|
> |DurablePersistentSize|0|
> |DurableScheduledCount|0|
> |DurableScheduledSize|0|
> |Enabled|true|
> |Exclusive|false|
> |ExpiryAddress|ExpiryQueue|
> |Filter|MESSAGE_PRODUCER <> 'firstapp'|
> |FirstMessageAge|null|
> |FirstMessageAsJSON|[{}]|
> |FirstMessageTimestamp|null|
> |GroupBuckets|-1|
> |GroupCount|0|
> |GroupFirstKey|null|
> |GroupRebalance|false|
> |GroupRebalancePauseDispatch|false|
> |ID|591|
> |InternalQueue|false|
> |LastValue|false|
> |LastValueKey|null|
> |MaxConsumers|-1|
> |MessageCount|0|
> |MessagesAcknowledged|0|
> |MessagesAdded|0|
> |MessagesExpired|0|
> |MessagesKilled|0|
> |Name|inn.first.classic.debt.event|
> |Paused|false|
> |PersistedPause|false|
> |PersistentSize|0|
> |PreparedTransactionMessageCount|0|
> |PurgeOnNoConsumers|false|
> |RetroactiveResource|false|
> |RingSize|-1|
> |RoutingType|ANYCAST|
> |ScheduledCount|0|
> |ScheduledSize|0|
> |Temporary|false|
> |User|null|
>
>
> screenshots:
>
> context menu on address:
> !address_context_menu_nosend.png!
>
> operations on address
> !address_operations_nosend.png!
>
>
> context menu on queue:
> !queue_context_menu_nosend.png!
> operations on queue:
> !queue_operations_nosend.png!
> - cluster composed on 3 primary/backup pairs
> extract of relevant files :
> management.xml
> {code:java}
> <match domain="org.apache.activemq.artemis"
> key="address=inn.first.classic.debt.event"> <access
> method="count*" roles="amq,readonly,gPerceptionDebt,gDmetl,gInnRead,gFirst"/>
> <access method="browse*"
> roles="amq,readonly,gPerceptionDebt,gDmetl,gInnRead,gFirst"/>
> <access method="list*"
> roles="amq,readonly,gPerceptionDebt,gDmetl,gInnRead,gFirst"/>
> <access method="get*"
> roles="amq,readonly,gPerceptionDebt,gDmetl,gInnRead,gFirst"/>
> <access method="is*"
> roles="amq,readonly,gPerceptionDebt,gDmetl,gInnRead,gFirst"/>
> <!-- give ability to send and remove messages from queues to users
> who have write permissions --> <access method="send*"
> roles="amq,gFirst,gDmetl"/> <access method="remove*"
> roles="amq,gFirst,gDmetl"/> <!-- end -->
> <access method="set*" roles="amq"/>
> <access method="*" roles="amq"/> </match>
>
> <match domain="org.apache.activemq.artemis"
> key="queue=inn.first.classic.debt.event"> <access
> method="count*" roles="amq,readonly,gPerceptionDebt,gDmetl,gInnRead,gFirst"/>
> <access method="browse*"
> roles="amq,readonly,gPerceptionDebt,gDmetl,gInnRead,gFirst"/>
> <access method="list*"
> roles="amq,readonly,gPerceptionDebt,gDmetl,gInnRead,gFirst"/>
> <access method="get*"
> roles="amq,readonly,gPerceptionDebt,gDmetl,gInnRead,gFirst"/>
> <access method="is*"
> roles="amq,readonly,gPerceptionDebt,gDmetl,gInnRead,gFirst"/>
> <!-- give ability to send and remove messages from queues to
> users who have write permissions --> <access
> method="send*" roles="amq,gFirst,gDmetl"/>
> <access method="remove*" roles="amq,gFirst,gDmetl"/>
> <!-- end --> <access method="set*"
> roles="amq"/> <access method="*" roles="amq"/>
> </match>
> {code}
> artemis-roles.properties
> {code:java}
> gFirst = firstapp {code}
> any other file or operation on server available on request.
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
