You could just remove the prefix from the security settings.
I would use Artemis 2.1 already. I'm about to send the release announce On Mon, May 15, 2017 at 4:51 PM, abhijith <topcoderabhij...@gmail.com> wrote: > Hi, > > With 1.x we had configured security settings and topic like below > > <jms xmlns="urn:activemq:jms"> > > <queue name="DLQ"/> > <queue name="ExpiryQueue"/> > <queue name="divertQueue1"/> > <queue name="divertQueue2"/> > > > <topic name="exampleTopic"/> > <topic name="divertTopic"/> > </jms> > > <security-settings> > <security-setting match="jms.queue.#"> > <permission type="createDurableQueue" roles="admin"/> > <permission type="deleteDurableQueue" roles="admin"/> > <permission type="createNonDurableQueue" roles="admin"/> > <permission type="deleteNonDurableQueue" roles="admin"/> > <permission type="consume" roles="admin"/> > <permission type="send" roles="admin"/> > </security-setting> > <security-setting match="jms.topic.#"> > <permission type="createDurableQueue" roles="admin"/> > <permission type="deleteDurableQueue" roles="admin"/> > <permission type="createNonDurableQueue" roles="admin"/> > <permission type="deleteNonDurableQueue" roles="admin"/> > <permission type="consume" roles="admin"/> > <permission type="send" roles="admin"/> > </security-setting> > </security-settings> > > With move to 2.x, I ran migrate1x command. That changed my jms declaration > like below > <addresses> > <address name="ExpiryQueue"> > <anycast> > <queue name="ExpiryQueue"/> > </anycast> > </address> > <address name="exampleTopic"> > <multicast/> > </address> > <address name="DLQ"> > <anycast> > <queue name="DLQ"/> > </anycast> > </address> > <address name="divertQueue2"> > <anycast> > <queue name="divertQueue2"/> > </anycast> > </address> > <address name="divertTopic"> > <multicast/> > </address> > <address name="divertQueue1"> > <anycast> > <queue name="divertQueue1"/> > </anycast> > </address> > </addresses> > > I see two issues with it. First is security settings did not change. If > previous convention was to add 'jms.queue' and 'jms.topic' then I think > migrate command can take care of it. > To fix this I updated acceptor to add prefix > > <acceptor > name="netty-acceptor">tcp://localhost:61616?anycastPrefix=jms.queue.;multicastPrefix=jms.topic.</acceptor> > > But still it fails giving below error message. Notice that it is not giving > right address name > > Caused by: javax.jms.JMSSecurityException: AMQ119032: User: admin does not > have permission='CREATE_DURABLE_QUEUE' on address ykkUjHVg > at > org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl.sendBlocking(ChannelImpl.java:412) > at > org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl.sendBlocking(ChannelImpl.java:322) > at > org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQSessionContext.createQueue(ActiveMQSessionContext.java:635) > at > org.apache.activemq.artemis.core.client.impl.ClientSessionImpl.internalCreateQueue(ClientSessionImpl.java:1836) > at > org.apache.activemq.artemis.core.client.impl.ClientSessionImpl.createQueue(ClientSessionImpl.java:389) > at > org.apache.activemq.artemis.jms.client.ActiveMQSession.createConsumer(ActiveMQSession.java:670) > at > org.apache.activemq.artemis.jms.client.ActiveMQSession.createConsumer(ActiveMQSession.java:359) > at > org.apache.activemq.artemis.jms.client.ActiveMQSession.createConsumer(ActiveMQSession.java:331) > at > org.apache.activemq.artemis.jms.client.ActiveMQJMSContext.createConsumer(ActiveMQJMSContext.java:371) > ... 29 more > Caused by: ActiveMQSecurityException[errorType=SECURITY_EXCEPTION > message=AMQ119032: User: admin does not have > permission='CREATE_DURABLE_QUEUE' on address ykkUjHVg] > ... 38 more > > Please let me know if I am doing anything wrong? Do I need to change my > address setting manually? If I set it to generic '#' then it works fine. > > > > -- > View this message in context: > http://activemq.2283324.n4.nabble.com/Artemis-2-0-Security-settings-tp4726174.html > Sent from the ActiveMQ - User mailing list archive at Nabble.com. -- Clebert Suconic
