Federation not working
Hi,
I'm doing some tests with Qpid 0.12 and I can't seem to get federation
to work together with ACL. I'm trying to establish a static route from
one broker to another, in the following way:
$ qpid-route queue add admin/admin@localhost:10002
admin/admin@localhost:10001 amq.fanout test-queue
On the destination side (localhost:10002) I get this error:
Client closed connection with 320: ACL denied creating a federation link
The ACL configuration on the destination side looks like this:
group admin admin@QPID
acl allow-log admin all
acl deny-log all all
Enabling tracing on the source side I can see the following logs:
2011-09-27 15:32:47 debug SASL: Starting authentication with mechanism:
DIGEST-M
D5
2011-09-27 15:32:47 debug SASL: sending challenge to client
*2011-09-27 15:32:47 debug ACL: Lookup for id: action:create
objectType:link name
: with params { }
2011-09-27 15:32:47 debug No successful match, defaulting to the
decision mode d
eny-log*
2011-09-27 15:32:47 info ACL Deny id: action:create ObjectType:link Name:
2011-09-27 15:32:47 debug SEND raiseEvent (v1)
class=org.apache.qpid.acl.deny
2011-09-27 15:32:47 debug SEND raiseEvent (v2)
class=org.apache.qpid.acl.deny
2011-09-27 15:32:47 trace SENT [127.0.0.1:10001-10.7.5.19:59697]:
Frame[BEbe; ch
annel=0; {ConnectionSecureBody:
challenge=nonce="6N1LQUW+3/WG8F9GbLhyfe3BxGDNbQL
Ox+dXwCsO7eQ=",realm="QPID",qop="auth,auth-int,auth-conf",cipher="rc4-40,rc4-56,
rc4,des,3des",maxbuf=65535,charset=utf-8,algorithm=md5-sess; }]
2011-09-27 15:32:47 trace SENT [127.0.0.1:10001-10.7.5.19:59697]:
Frame[BEbe; channel=0; {ConnectionCloseBody: reply-code=320;
reply-text=ACL denied creating a federation link; }]
Federation only works if I open up the ACL on the source side, by doing:
"acl allow-log all all"
Searching through the mailing list I found this thread:
http://apache-qpid-users.2158936.n2.nabble.com/Federation-and-ACLs-td2362544.html
Looks like I'm having the exact same problem. Does anybody else
experience this issue?
