> It works?

Yes, it should work.

> Does this indicate that I set up the Topic incorrectly?

No.

> Why would I need to have createNonDurableQueue permissions just to consume?

JMS ideas are mapped onto concrete implementations in the broker. In your case, a JMS "topic" is mapped onto the core implementation of an address which supports multicast routing. When your JMS client wants to consume from a topic it creates a "subscription" and then receives messages from that subscription. This JMS "subscription" is mapped onto the core implementation of a queue on the aforementioned multicast address. In the case of a non-durable JMS subscriber the client creates a non-durable core queue and therefore requires the "createNonDurableQueue" permission. This is discussed in the documentation [1].


Justin

[1] http://activemq.apache.org/components/artemis/documentation/latest/jms-core-mapping.html

On Tue, Jul 2, 2019 at 2:57 PM hobojoe <gorma...@leidos.com> wrote:

> I recently tried to set up security following the Artemis security example. I
> would like to have a read-only Topic like,
>
> <addresses>
>    <address name="some.topic.name">
>       <multicast/>
>    </address>
> </addresses>
>
> With consume only permissions like,
>
> <security-settings>
>    <security-setting match="some.topic.name">
>       <permission roles="user" type="consume"/>
>    </security-setting>
> </security-settings>
>
> When I try to connect to the broker I get the error:
> Setup of JMS message listener invoker failed for destination 'some.topic.name' - trying to recover. Cause: AMQ119213: User: someUser does not have permission='CREATE_NON_DURABLE_QUEUE' for queue.
>
> If I change security to,
> <security-settings>
>    <security-setting match="some.topic.name">
>       <permission roles="user" type="consume"/>
>       *<permission roles="user" type="createNonDurableQueue"/>*
>    </security-setting>
> </security-settings>
>
> It works? Does this indicate that I set up the Topic incorrectly? Why would I
> need to have createNonDurableQueue permissions just to consume?
>
> Any help is appreciated.
>
>
>
> --
> Sent from:
> http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
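
An added example, not part of the thread and not Artemis project code: a small check over a broker.xml fragment that flags roles allowed to consume from a multicast address but not to create the non-durable queue, the combination behind AMQ119213 for a non-durable JMS subscriber. The `<core>` wrapper, the second address name and the exact-match-only handling of `match` are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET

# Constructed sample (hypothetical <core> root, made-up second address name).
SAMPLE = """
<core>
  <addresses>
    <address name="some.topic.name"><multicast/></address>
    <address name="other.topic.name"><multicast/></address>
  </addresses>
  <security-settings>
    <security-setting match="some.topic.name">
      <permission roles="user" type="consume"/>
    </security-setting>
    <security-setting match="other.topic.name">
      <permission roles="user,admin" type="consume"/>
      <permission roles="user" type="createNonDurableQueue"/>
    </security-setting>
  </security-settings>
</core>
"""

def local(tag):
    """Drop any XML namespace so a namespaced broker.xml parses the same way."""
    return tag.rsplit("}", 1)[-1]

def subscribers_missing_create(xml_text):
    """Roles that may consume on a multicast address but lack createNonDurableQueue."""
    root = ET.fromstring(xml_text)
    multicast = {el.get("name") for el in root.iter()
                 if local(el.tag) == "address"
                 and any(local(c.tag) == "multicast" for c in el)}
    findings = []
    for setting in root.iter():
        addr = setting.get("match")
        # Assumption: exact match only; Artemis wildcard matches are not expanded.
        if local(setting.tag) != "security-setting" or addr not in multicast:
            continue
        granted = {}  # permission type -> roles holding it
        for perm in setting:
            if local(perm.tag) == "permission":
                roles = {r.strip() for r in perm.get("roles", "").split(",")}
                granted.setdefault(perm.get("type"), set()).update(roles - {""})
        missing = granted.get("consume", set()) - granted.get("createNonDurableQueue", set())
        findings += [(addr, role) for role in missing]
    return sorted(findings)

if __name__ == "__main__":
    for addr, role in subscribers_missing_create(SAMPLE):
        print(f"{addr}: role '{role}' can consume but lacks createNonDurableQueue")
```

Each reported pair is a role whose non-durable JMS subscribers would be rejected when the client tries to create its subscription queue.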