Description
Hello guys,
We are experiencing the following issue with MQTT:
AMQ119032: User: Customer does not have permission='CREATE_DURABLE_QUEUE' on address $sys.mqtt.queue.qos2.0a971d7ad7de58aea7c0
MQTTBasicPubSubExample.java
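package com.mycompany.mqtt;

import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;

import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.fusesource.hawtbuf.UTF8Buffer;
import org.fusesource.mqtt.client.BlockingConnection;
import org.fusesource.mqtt.client.MQTT;
import org.fusesource.mqtt.client.Message;
import org.fusesource.mqtt.client.QoS;
import org.fusesource.mqtt.client.Topic;

/**
 * A simple MQTT publish and subscribe example.
 *
 * <p>Connects to the broker as user {@code Customer}, subscribes to one topic, publishes one
 * message to it and prints the message it receives back.
 *
 * <p>The broker log reported with this example shows the CONNECT packet being rejected with
 * AMQ119032 while the broker creates the per-session queue {@code $sys.mqtt.queue.qos2.<id>}
 * (MQTTProtocolHandler.handleConnect -> MQTTPublishManager.createManagementQueue ->
 * ServerSessionImpl.securityCheck). That check runs against the connecting user, so the user's
 * role needs {@code createDurableQueue} on that address. A dedicated security-setting scoped to
 * the {@code $sys.mqtt} prefix keeps the grant narrow; widening the {@code #} match would hand
 * the same right out on every address.
 */
public class MQTTBasicPubSubExample {

   /** Topic used for both the subscription and the publish. */
   private static final String TOPIC = "digital/test/data";

   /**
    * Runs the connect / subscribe / publish / receive round trip once.
    *
    * @param args unused
    * @throws Exception if connecting, subscribing, publishing or receiving fails
    */
   public static void main(final String[] args) throws Exception {
      // Create a new MQTT connection to the broker. We are not setting the client ID. The broker will pick one for us.
      System.out.println("Connecting to Artemis using MQTT");
      MQTT mqtt = new MQTT();
      mqtt.setConnectAttemptsMax(2);
      mqtt.setReconnectAttemptsMax(1);

      // Credentials are inlined because this is a reproducer; outside sample code they belong in
      // configuration or a secret store, not in source.
      mqtt.setUserName("Customer");
      mqtt.setPassword("customerpwd");

      // ssl:// scheme, but no SSLContext is set on the MQTT object.
      // NOTE(review): the client then presumably validates the broker certificate against the JVM
      // default trust store - confirm. If the broker keystore holds a self-signed certificate, add
      // that certificate to a trust store rather than installing an accept-all X509TrustManager.
      mqtt.setHost("ssl://localhost:1883");

      BlockingConnection connection = mqtt.blockingConnection();

      // The permission failure described with this example is raised by the broker while it
      // handles CONNECT, so it surfaces here and not at subscribe() or publish().
      connection.connect();
      System.out.println("Connected to Artemis");

      try {
         // Subscribe to topics
         Topic[] topics = {new Topic(TOPIC, QoS.AT_LEAST_ONCE)};
         System.out.println("start subscribe");
         connection.subscribe(topics);
         System.out.println("end subscribe");
         System.out.println("Subscribed to topics.");

         // Publish Messages
         String payload4 = "This is message 4";
         System.out.println("start publish");
         // Encode explicitly: getBytes() without a charset depends on the platform default.
         connection.publish(TOPIC, payload4.getBytes(StandardCharsets.UTF_8), QoS.AT_MOST_ONCE, false);
         System.out.println("end publish");
         System.out.println("Sent messages.");

         // receive() with a timeout returns null when nothing arrives in time; check before use
         // instead of failing with a NullPointerException that hides the real cause.
         Message message4 = connection.receive(5, TimeUnit.SECONDS);
         if (message4 == null) {
            System.out.println("No message received within 5 seconds.");
            return;
         }
         System.out.println("Received messages.");
         System.out.println(new String(message4.getPayload(), StandardCharsets.UTF_8));
         message4.ack();
      } finally {
         // Release the connection even when subscribe, publish or receive throws.
         connection.disconnect();
      }
   }
}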
broker.xml
<?xml version='1.0'?> <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --> <configuration xmlns="urn:activemq" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:activemq /schema/artemis-configuration.xsd"> <jms xmlns="urn:activemq:jms"> <queue name="DLQ"/> <queue name="ExpiryQueue"/> </jms> <core xmlns="urn:activemq:core"> <name>localhost</name> <persistence-enabled>true</persistence-enabled> <!-- this could be ASYNCIO or NIO --> <journal-type>ASYNCIO</journal-type> <paging-directory>/artemis/datas/paging</paging-directory> <bindings-directory>/artemis/datas/bindings</bindings-directory> <journal-directory>/artemis/datas/journal</journal-directory> <large-messages-directory>/artemis/datas/large-messages</large-messages-directory> <journal-datasync>true</journal-datasync> <journal-min-files>2</journal-min-files> <journal-pool-files>-1</journal-pool-files> <!-- You can specify the NIC you want to use to verify if the network <network-check-NIC>theNickName</network-check-NIC> --> <!-- Use this to use an HTTP server to validate the network <network-check-URL-list>http://www.apache.org</network-check-URL-list> --> <!-- <network-check-period>10000</network-check-period> --> <!-- <network-check-timeout>1000</network-check-timeout> --> <!-- this is a comma 
separated list, no spaces, just DNS or IPs it should accept IPV6 Warning: Make sure you understand your network topology as this is meant to validate if your network is valid. Using IPs that could eventually disappear or be partially visible may defeat the purpose. You can use a list of multiple IPs, and if any successful ping will make the server OK to continue running --> <!-- <network-check-list>10.0.0.1</network-check-list> --> <!-- use this to customize the ping used for ipv4 addresses --> <!-- <network-check-ping-command>ping -c 1 -t %d %s</network-check-ping-command> --> <!-- use this to customize the ping used for ipv6 addresses --> <!-- <network-check-ping6-command>ping6 -c 1 %2$s</network-check-ping6-command> --> <!-- This value was determined through a calculation. Your system could perform 1 writes per millisecond on the current journal configuration. That translates as a sync write every 1004000 nanoseconds --> <journal-buffer-timeout>1004000</journal-buffer-timeout> <connectors> <!-- Connector used to be announced through cluster connections and notifications --> <connector name="artemis">tcp://localhost:61616</connector> </connectors> <ha-policy> <shared-store> <master> <failover-on-shutdown>true</failover-on-shutdown> </master> </shared-store> </ha-policy> <!-- how often we are looking for how many bytes are being used on the disk in ms --> <disk-scan-period>5000</disk-scan-period> <!-- once the disk hits this limit the system will block, or close the connection in certain protocols that won't support flow control. --> <max-disk-usage>90</max-disk-usage> <!-- the system will enter into page mode once you hit this limit. 
This is an estimate in bytes of how much the messages are using in memory --> <global-max-size>104857600</global-max-size> <acceptors> <!-- Acceptor for every supported protocol --> <acceptor name="artemis">tcp://localhost:61616?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE</acceptor> <!-- AMQP Acceptor. Listens on default AMQP port for AMQP traffic.--> <acceptor name="amqp">tcp://localhost:5672?protocols=AMQP</acceptor> <!-- STOMP Acceptor. --> <acceptor name="stomp">tcp://localhost:61613?protocols=STOMP</acceptor> <!-- HornetQ Compatibility Acceptor. Enables HornetQ Core and STOMP for legacy HornetQ clients. --> <acceptor name="hornetq">tcp://localhost:5445?protocols=HORNETQ,STOMP</acceptor> <!-- MQTT Acceptor --> <acceptor name="mqtt">tcp://localhost:1883?protocols=MQTT;sslEnabled=true;keyStorePath=/artemis/brokers/certificats/keystore.jks;keyStorePassword=artemispwd</acceptor> </acceptors> <cluster-user>AdminCluster</cluster-user> <cluster-password>AdminCluster</cluster-password> <broadcast-groups> <broadcast-group name="bg-group1"> <group-address>231.7.7.7</group-address> <group-port>9876</group-port> <broadcast-period>5000</broadcast-period> <connector-ref>artemis</connector-ref> </broadcast-group> </broadcast-groups> <discovery-groups> <discovery-group name="dg-group1"> <group-address>231.7.7.7</group-address> <group-port>9876</group-port> <refresh-timeout>10000</refresh-timeout> </discovery-group> </discovery-groups> <cluster-connections> <cluster-connection name="my-cluster"> <address>jms</address> <connector-ref>artemis</connector-ref> <message-load-balancing>ON_DEMAND</message-load-balancing> <max-hops>0</max-hops> <discovery-group-ref discovery-group-name="dg-group1"/> </cluster-connection> </cluster-connections> <security-enabled>true</security-enabled> <security-settings> <security-setting match="#"> <permission type="createNonDurableQueue" roles="Digital"/> <permission 
type="deleteNonDurableQueue" roles="Digital"/> <permission type="createDurableQueue" roles="Digital"/> <permission type="deleteDurableQueue" roles="Digital"/> <permission type="consume" roles="Digital"/> <permission type="browse" roles="Digital"/> <permission type="send" roles="Digital"/--> <!-- we need this otherwise ./artemis data imp wouldn't work --> <permission type="manage" roles="Digital"/> </security-setting--> <security-setting match="digital.test.#"> <!-- permission type="createNonDurableQueue" roles="Commerce"/--> <!--permission type="deleteNonDurableQueue" roles="digital,Commerce"/--> <!--permission type="createDurableQueue" roles="Commerce"/--> <!--permission type="deleteDurableQueue" roles="digital,Commerce"/--> <!-- permission type="consume" roles="Commerce"/--> <!-- permission type="browse" roles="Commerce"/--> <permission type="send" roles="Client"/> <!-- permission type="manage" roles="Commerce" /--> </security-setting> </security-settings> <queues> <queue name="digital.test.data"> <durable>true</durable> </queue> </queues> <address-settings> <!--default for catch all--> <address-setting match="#"> <dead-letter-address>jms.queue.DLQ</dead-letter-address> <expiry-address>jms.queue.ExpiryQueue</expiry-address> <redelivery-delay>0</redelivery-delay> <!-- with -1 only the global-max-size is in use for limiting --> <max-size-bytes>-1</max-size-bytes> <message-counter-history-day-limit>1</message-counter-history-day-limit> <address-full-policy>PAGE</address-full-policy> <expiry-delay>10</expiry-delay> </address-setting> </address-settings> </core> </configuration>
Issue on the client side
Exception in thread "main" java.io.EOFException: Peer disconnected
at org.fusesource.hawtdispatch.transport.AbstractProtocolCodec.read(AbstractProtocolCodec.java:331)
at org.fusesource.hawtdispatch.transport.TcpTransport.drainInbound(TcpTransport.java:710)
at org.fusesource.hawtdispatch.transport.TcpTransport$6.run(TcpTransport.java:592)
at org.fusesource.hawtdispatch.internal.NioDispatchSource$3.run(NioDispatchSource.java:209)
at org.fusesource.hawtdispatch.internal.SerialDispatchQueue.run(SerialDispatchQueue.java:100)
at org.fusesource.hawtdispatch.internal.pool.SimpleThread.run(SimpleThread.java:77)
artemis log file extract
10:13:37,116 DEBUG [org.apache.activemq.artemis.core.postoffice.impl.PostOfficeImpl] Couldn't find any bindings for address=activemq.notifications on message=ServerMessage[messageID=234572,durable=true,userID=null,priority=0, bodySize=512, timestamp=0,expiration=Thu Feb 23 10:13:37 CET 2017, durable=true, address=activemq.notifications,properties=TypedProperties[_AMQ_User=Customer,_AMQ_Address=$sys.mqtt.queue.qos2.0a971d7ad7de58aea7c0,_AMQ_NotifType=SECURITY_PERMISSION_VIOLATION,_AMQ_NotifTimestamp=1487841217116,_AMQ_CheckType=CREATE_DURABLE_QUEUE]]@1241929264 10:13:37,116 DEBUG [org.apache.activemq.artemis.core.postoffice.impl.PostOfficeImpl] Message ServerMessage[messageID=234572,durable=true,userID=null,priority=0, bodySize=512, timestamp=0,expiration=Thu Feb 23 10:13:37 CET 2017, durable=true, address=activemq.notifications,properties=TypedProperties[_AMQ_User=Customer,_AMQ_Address=$sys.mqtt.queue.qos2.0a971d7ad7de58aea7c0,_AMQ_NotifType=SECURITY_PERMISSION_VIOLATION,_AMQ_NotifTimestamp=1487841217116,_AMQ_CheckType=CREATE_DURABLE_QUEUE]]@1241929264 is not going anywhere as it didn't have a binding on address:activemq.notifications 10:13:37,116 DEBUG [org.apache.activemq.artemis.core.protocol.mqtt] Error processing Control Packet, Disconnecting Client: ActiveMQSecurityException[errorType=SECURITY_EXCEPTION message=AMQ119032: User: Customer does not have permission='CREATE_DURABLE_QUEUE' on address $sys.mqtt.queue.qos2.0a971d7ad7de58aea7c0] at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.check(SecurityStoreImpl.java:201) [artemis-server-1.5.2.jar:1.5.2] at org.apache.activemq.artemis.core.server.impl.ServerSessionImpl.securityCheck(ServerSessionImpl.java:401) [artemis-server-1.5.2.jar:1.5.2] at org.apache.activemq.artemis.core.server.impl.ServerSessionImpl.createQueue(ServerSessionImpl.java:506) [artemis-server-1.5.2.jar:1.5.2] at 
org.apache.activemq.artemis.core.protocol.mqtt.MQTTPublishManager.createManagementQueue(MQTTPublishManager.java:92) [artemis-mqtt-protocol-1.5.2.jar:] at org.apache.activemq.artemis.core.protocol.mqtt.MQTTPublishManager.start(MQTTPublishManager.java:65) [artemis-mqtt-protocol-1.5.2.jar:] at org.apache.activemq.artemis.core.protocol.mqtt.MQTTSession.start(MQTTSession.java:71) [artemis-mqtt-protocol-1.5.2.jar:] at org.apache.activemq.artemis.core.protocol.mqtt.MQTTConnectionManager.connect(MQTTConnectionManager.java:83) [artemis-mqtt-protocol-1.5.2.jar:] at org.apache.activemq.artemis.core.protocol.mqtt.MQTTProtocolHandler.handleConnect(MQTTProtocolHandler.java:163) [artemis-mqtt-protocol-1.5.2.jar:] at org.apache.activemq.artemis.core.protocol.mqtt.MQTTProtocolHandler.channelRead(MQTTProtocolHandler.java:103) [artemis-mqtt-protocol-1.5.2.jar:] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:372) [netty-all-4.1.5.Final.jar:4.1.5.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:358) [netty-all-4.1.5.Final.jar:4.1.5.Final] at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:350) [netty-all-4.1.5.Final.jar:4.1.5.Final] at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:293) [netty-all-4.1.5.Final.jar:4.1.5.Final] at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:267) [netty-all-4.1.5.Final.jar:4.1.5.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:372) [netty-all-4.1.5.Final.jar:4.1.5.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:358) [netty-all-4.1.5.Final.jar:4.1.5.Final] at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:350) 
[netty-all-4.1.5.Final.jar:4.1.5.Final] at io.netty.handler.codec.ByteToMessageDecoder.handlerRemoved(ByteToMessageDecoder.java:219) [netty-all-4.1.5.Final.jar:4.1.5.Final] at io.netty.channel.DefaultChannelPipeline.callHandlerRemoved0(DefaultChannelPipeline.java:631) [netty-all-4.1.5.Final.jar:4.1.5.Final] at io.netty.channel.DefaultChannelPipeline.remove(DefaultChannelPipeline.java:468) [netty-all-4.1.5.Final.jar:4.1.5.Final] at io.netty.channel.DefaultChannelPipeline.remove(DefaultChannelPipeline.java:428) [netty-all-4.1.5.Final.jar:4.1.5.Final] at org.apache.activemq.artemis.core.protocol.ProtocolHandler$ProtocolDecoder.decode(ProtocolHandler.java:186) [artemis-server-1.5.2.jar:1.5.2] at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:411) [netty-all-4.1.5.Final.jar:4.1.5.Final] at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:248) [netty-all-4.1.5.Final.jar:4.1.5.Final] at org.apache.activemq.artemis.core.protocol.ProtocolHandler$ProtocolDecoder.channelRead(ProtocolHandler.java:129) [artemis-server-1.5.2.jar:1.5.2] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:372) [netty-all-4.1.5.Final.jar:4.1.5.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:358) [netty-all-4.1.5.Final.jar:4.1.5.Final] at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:350) [netty-all-4.1.5.Final.jar:4.1.5.Final] at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334) [netty-all-4.1.5.Final.jar:4.1.5.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:372) [netty-all-4.1.5.Final.jar:4.1.5.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:358) [netty-all-4.1.5.Final.jar:4.1.5.Final] at 
io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926) [netty-all-4.1.5.Final.jar:4.1.5.Final] at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:129) [netty-all-4.1.5.Final.jar:4.1.5.Final] at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:610) [netty-all-4.1.5.Final.jar:4.1.5.Final] at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:551) [netty-all-4.1.5.Final.jar:4.1.5.Final] at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:465) [netty-all-4.1.5.Final.jar:4.1.5.Final] at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:437) [netty-all-4.1.5.Final.jar:4.1.5.Final] at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:873) [netty-all-4.1.5.Final.jar:4.1.5.Final] at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_91]