AMQ Broker / ENTMQBR-2084

Security permissions are not applied properly

Details

    Description

      Unable to send a message to security enhanced addresses for given users/roles.

      ...
      <addresses>
        <address name="testAddress">
          <anycast>
            <queue name="aQueue"/>
            <queue name="bQueue"/>
          </anycast>
        </address>
      </addresses>
      ...
      <security-settings>
        <security-setting match="testAddress">
          <permission roles="aUsers, bUsers" type="send"/>
        </security-setting>
        <security-setting match="testAddress.aQueue">
          <permission roles="aUsers" type="consume"/>
        </security-setting>
        <security-setting match="testAddress.bQueue">
          <permission roles="bUsers" type="consume"/>
        </security-setting>
      </security-settings>
      
      cat /opt/jboss-amq-7-i0/etc/artemis-roles.properties
      amq=tckuser,superuser,administrator,admin
      bUsers=bUser
      aUsers=aUser
      [root@dhcp-145-217 opt]# cat /opt/jboss-amq-7-i0/etc/artemis-users.properties
      tckuser=tckuser
      superuser=superuser
      administrator=administrator
      bUser=bUser
      admin=admin
      nobody=nobody
      aUser=aUser
      

      Sending message as authorized "aUser" to aQueue

      java  -jar /var/dtests/node_data/clients/aac1.jar sender  --log-msgs dict --broker 10.37.145.217:5672 --conn-auth-mechanisms PLAIN --conn-username aUser --conn-password aUser --address "testAddress::aQueue" --count 20
      14:57:57,123 ERROR Error while sending a message!
      javax.jms.JMSSecurityException: AMQ219017: not authorized to create producer, AMQ119032: User: aUser does not have permission='SEND' on address testAddress::aQueue [condition = amqp:unauthorized-access]
      	at org.apache.qpid.jms.provider.amqp.AmqpSupport.convertToException(AmqpSupport.java:143)
      	at org.apache.qpid.jms.provider.amqp.AmqpSupport.convertToException(AmqpSupport.java:117)
      	at org.apache.qpid.jms.provider.amqp.builders.AmqpResourceBuilder.handleClosed(AmqpResourceBuilder.java:185)
      	at org.apache.qpid.jms.provider.amqp.builders.AmqpResourceBuilder.processRemoteClose(AmqpResourceBuilder.java:129)
      	at org.apache.qpid.jms.provider.amqp.AmqpProvider.processUpdates(AmqpProvider.java:973)
      	at org.apache.qpid.jms.provider.amqp.AmqpProvider.access$1900(AmqpProvider.java:104)
      	at org.apache.qpid.jms.provider.amqp.AmqpProvider$17.run(AmqpProvider.java:831)
      	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
      	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
      	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
      	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      	at java.lang.Thread.run(Thread.java:748)
      

      Receiver seems to be working properly

      [root@dhcp-145-217 opt]# java  -jar /var/dtests/node_data/clients/aac1.jar receiver  --log-msgs dict --broker 10.37.145.217:5672 --conn-auth-mechanisms PLAIN --conn-username bUser --conn-password bUser --address "testAddress::bQueue" --count 20
      [root@dhcp-145-217 opt]# echo $?
      0
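
A triage check for the denial quoted above, as an added example that is not part of the original report or of the broker's code: it parses the AMQ119032 line, takes the address part of the FQQN, and reports whether the quoted security-settings and roles file grant that user the permission. Function names are hypothetical, and matching is by exact string only (an assumption; the broker's wildcard matching is not modelled).

```python
import re
import xml.etree.ElementTree as ET

# Sample input constructed from the configuration and error line quoted in this report.
# The quoted fragment has no XML namespace; a full broker.xml would need namespace handling.
SECURITY_XML = """<security-settings>
  <security-setting match="testAddress"><permission roles="aUsers, bUsers" type="send"/></security-setting>
  <security-setting match="testAddress.aQueue"><permission roles="aUsers" type="consume"/></security-setting>
  <security-setting match="testAddress.bQueue"><permission roles="bUsers" type="consume"/></security-setting>
</security-settings>"""
ROLES_PROPERTIES = "amq=tckuser,superuser,administrator,admin\nbUsers=bUser\naUsers=aUser\n"
DENIAL = ("AMQ119032: User: aUser does not have permission='SEND' "
          "on address testAddress::aQueue")

def load_settings(xml_text):
    """Map each match string to {permission type: set of roles}."""
    settings = {}
    for s in ET.fromstring(xml_text).iter("security-setting"):
        perms = settings.setdefault(s.get("match"), {})
        for p in s.iter("permission"):
            roles = {r.strip() for r in p.get("roles").split(",") if r.strip()}
            perms.setdefault(p.get("type").lower(), set()).update(roles)
    return settings

def roles_of(user, props_text):
    """Roles whose member list in artemis-roles.properties contains the user."""
    found = set()
    for line in props_text.splitlines():
        role, _, members = line.partition("=")
        if user in {m.strip() for m in members.split(",")}:
            found.add(role.strip())
    return found

def triage(denial, settings, props_text):
    """Compare a denial with the roles configured for the address part of the FQQN."""
    m = re.search(r"User: (\S+) does not have permission='(\w+)' on address (\S+)", denial)
    if not m:
        return None
    user, perm, target = m.groups()
    address = target.split("::", 1)[0]  # FQQN form is address::queue
    allowed = settings.get(address, {}).get(perm.lower(), set())  # exact match only (assumption)
    granted = sorted(allowed & roles_of(user, props_text))
    return {"user": user, "permission": perm.lower(), "checked": target,
            "address": address, "granted_via": granted,
            "contradicts_config": bool(granted)}

if __name__ == "__main__":
    print(triage(DENIAL, load_settings(SECURITY_XML), ROLES_PROPERTIES))
```

A result with `contradicts_config` set to true means the configuration grants the permission on the base address while the broker denied it on the FQQN string, which is the condition this issue reports.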
      

            People

              rh-ee-ataylor Andy Taylor
              mtoth@redhat.com Michal Toth