Hi,

Is there anyone who could confirm if it is possible to configure Artemis in the 
same way as I explained in my previous mail or if I have misunderstood the 
whole things.

Thanks in advance,
Calle

________________________________
Från: Calle Andersson <calleanders...@hotmail.com>
Skickat: torsdag, oktober 5, 2023 1:55:10 PM
Till: users@activemq.apache.org <users@activemq.apache.org>
Ämne: Questions regarding auto-creation

Hi,

I've just started to investigate how Artemis works and I have some questions 
regarding auto-creation of addresses/queues.

I don't want to allow any clients/servers (who sends and/or consumes messages) 
to be able to auto-create addresses or queues. However, I want the broker to be 
able to auto-create dead letter queues (with the same name as the queue but 
prefixed with "DLQ.") when needed.

For testing, I have added the following to broker.xml:
<address name="TEST.QUEUE.A">
   <anycast>
      <queue name="TEST.QUEUE.A" />
   </anycast>
</address>

I have created user "myUser" and assigned the role "myRole" to it.

I have not looked into the dead letter queue configuration yet but I have tried 
to prevent "myUser" from auto-creating addresses/queues using the following 
configuration:
<security-setting match="#">
   <permission type="createNonDurableQueue" roles="amq"/>
   <permission type="deleteNonDurableQueue" roles="amq"/>
   <permission type="createDurableQueue" roles="amq"/>
   <permission type="deleteDurableQueue" roles="amq"/>
   <permission type="createAddress" roles="amq"/>
   <permission type="deleteAddress" roles="amq"/>
   <permission type="consume" roles="amq,myRole"/>
   <permission type="browse" roles="amq,myRole"/>
   <permission type="send" roles="amq,myRole"/>
   <!-- we need this otherwise ./artemis data imp wouldn't work -->
   <permission type="manage" roles="amq"/>
</security-setting>

<address-settings>
   <address-setting match="activemq.management#">
      <auto-create-queues>false</auto-create-queues>
      <auto-create-addresses>false</auto-create-addresses>
      <!-- ... -->
   </address-setting>
   <address-setting match="#">
      <auto-create-queues>false</auto-create-queues>
      <auto-create-addresses>false</auto-create-addresses>
      <!-- ... -->
   </address-setting>
</address-settings>

However, I get the following error when trying to consume from that queue:
... JmsConsumer[TEST.QUEUE.A]) Setup of JMS message listener invoker failed for 
destination 'TEST.QUEUE.A' - trying to recover. Cause: Destination TEST.QUEUE.A 
does not exist

I changed to the following in broker.xml:
<auto-create-queues>true</auto-create-queues>
<auto-create-addresses>true</auto-create-addresses>

But then I get the following error instead:
... JmsConsumer[TEST.QUEUE.A]) Setup of JMS message listener invoker failed for 
destination 'TEST.QUEUE.A' - trying to recover. Cause: AMQ229213: User: myUser 
does not have permission='CREATE_DURABLE_QUEUE' for queue TEST.QUEUE.A on 
address TEST.QUEUE.A

If I do the following change as well, everything works and I can consume 
messages:
<permission type="createDurableQueue" roles="amq,myRole"/>

I don't understand why the createDurableQueue is needed for “myRole” or why the 
queue can't be detected at all when auto-create- addresses and 
auto-create-queues are set to false. Could anyone shed some lights on what's 
going on and why?

This is my entire broker.xml:

<?xml version='1.0'?>

<!--

Licensed to the Apache Software Foundation (ASF) under one

or more contributor license agreements. See the NOTICE file

distributed with this work for additional information

regarding copyright ownership. The ASF licenses this file

to you under the Apache License, Version 2.0 (the

"License"); you may not use this file except in compliance

with the License. You may obtain a copy of the License at



  http://www.apache.org/licenses/LICENSE-2.0



Unless required by applicable law or agreed to in writing,

software distributed under the License is distributed on an

"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

KIND, either express or implied. See the License for the

specific language governing permissions and limitations

under the License.

-->



<configuration xmlns="urn:activemq"

               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";

               xmlns:xi="http://www.w3.org/2001/XInclude";

               xsi:schemaLocation="urn:activemq 
/schema/artemis-configuration.xsd">



   <core xmlns="urn:activemq:core" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";

         xsi:schemaLocation="urn:activemq:core ">



      <name>0.0.0.0</name>





      <persistence-enabled>true</persistence-enabled>



      <!-- It is recommended to keep this value as 1, maximizing the number of 
records stored about redeliveries.

           However if you must preserve state of individual redeliveries, you 
may increase this value or set it to -1 (infinite). -->

      <max-redelivery-records>1</max-redelivery-records>



      <!-- this could be ASYNCIO, MAPPED, NIO

           ASYNCIO: Linux Libaio

           MAPPED: mmap files

           NIO: Plain Java Files

       -->

      <journal-type>ASYNCIO</journal-type>



      <paging-directory>data/paging</paging-directory>



      <bindings-directory>data/bindings</bindings-directory>



      <journal-directory>data/journal</journal-directory>



      <large-messages-directory>data/large-messages</large-messages-directory>





      <!-- if you want to retain your journal uncomment this following 
configuration.



      This will allow your system to keep 7 days of your data, up to 10G. Tweak 
it accordingly to your use case and capacity.



      it is recommended to use a separate storage unit from the journal for 
performance considerations.



      <journal-retention-directory period="7" unit="DAYS" 
storage-limit="10G">data/retention</journal-retention-directory>



      You can also enable retention by using the argument journal-retention on 
the `artemis create` command -->







      <journal-datasync>true</journal-datasync>



      <journal-min-files>2</journal-min-files>



      <journal-pool-files>10</journal-pool-files>



      <journal-device-block-size>4096</journal-device-block-size>



      <journal-file-size>10M</journal-file-size>



      <!--

       This value was determined through a calculation.

       Your system could perform 62,5 writes per millisecond

       on the current journal configuration.

       That translates as a sync write every 16000 nanoseconds.



       Note: If you specify 0 the system will perform writes directly to the 
disk.

             We recommend this to be 0 if you are using journalType=MAPPED and 
journal-datasync=false.

      -->

      <journal-buffer-timeout>16000</journal-buffer-timeout>





      <!--

        When using ASYNCIO, this will determine the writing queue depth for 
libaio.

       -->

      <journal-max-io>4096</journal-max-io>

      <!--

        You can verify the network health of a particular NIC by specifying the 
<network-check-NIC> element.

         <network-check-NIC>theNicName</network-check-NIC>

        -->



      <!--

        Use this to use an HTTP server to validate the network

         <network-check-URL-list>http://www.apache.org</network-check-URL-list> 
-->



      <!-- <network-check-period>10000</network-check-period> -->

      <!-- <network-check-timeout>1000</network-check-timeout> -->



      <!-- this is a comma separated list, no spaces, just DNS or IPs

           it should accept IPV6



           Warning: Make sure you understand your network topology as this is 
meant to validate if your network is valid.

                    Using IPs that could eventually disappear or be partially 
visible may defeat the purpose.

                    You can use a list of multiple IPs, and if any successful 
ping will make the server OK to continue running -->

      <!-- <network-check-list>10.0.0.1</network-check-list> -->



      <!-- use this to customize the ping used for ipv4 addresses -->

      <!-- <network-check-ping-command>ping -c 1 -t %d 
%s</network-check-ping-command> -->



      <!-- use this to customize the ping used for ipv6 addresses -->

      <!-- <network-check-ping6-command>ping6 -c 1 
%2$s</network-check-ping6-command> -->









      <!-- how often we are looking for how many bytes are being used on the 
disk in ms -->

      <disk-scan-period>5000</disk-scan-period>



      <!-- once the disk hits this limit the system will block, or close the 
connection in certain protocols

           that won't support flow control. -->

      <max-disk-usage>90</max-disk-usage>



      <!-- should the broker detect dead locks and other issues -->

      <critical-analyzer>true</critical-analyzer>



      <critical-analyzer-timeout>120000</critical-analyzer-timeout>



      <critical-analyzer-check-period>60000</critical-analyzer-check-period>



      <critical-analyzer-policy>HALT</critical-analyzer-policy>





      <page-sync-timeout>239999</page-sync-timeout>





      <!-- the system will enter into page mode once you hit this limit. This 
is an estimate in bytes of how much the messages are using in memory



      The system will use half of the available memory (-Xmx) by default for 
the global-max-size.

      You may specify a different value here if you need to customize it to 
your needs.



      <global-max-size>100Mb</global-max-size> -->



      <!-- the maximum number of messages accepted before entering full address 
mode.

           if global-max-size is specified the full address mode will be 
specified by whatever hits it first. -->

      <global-max-messages>-1</global-max-messages>



      <acceptors>



         <!-- useEpoll means: it will use Netty epoll if you are on a system 
(Linux) that supports it -->

         <!-- amqpCredits: The number of credits sent to AMQP producers -->

         <!-- amqpLowCredits: The server will send the # credits specified at 
amqpCredits at this low mark -->

         <!-- amqpDuplicateDetection: If you are not using duplicate detection, 
set this to false

                                      as duplicate detection requires 
applicationProperties to be parsed on the server. -->

         <!-- amqpMinLargeMessageSize: Determines how many bytes are considered 
large, so we start using files to hold their data.

                                       default: 102400, -1 would mean to 
disable large message control -->



         <!-- Note: If an acceptor needs to be compatible with HornetQ and/or 
Artemis 1.x clients add

                    "anycastPrefix=jms.queue.;multicastPrefix=jms.topic." to 
the acceptor url.

                    See https://issues.apache.org/jira/browse/ARTEMIS-1644 for 
more information. -->





         <!-- Acceptor for every supported protocol -->

         <acceptor 
name="artemis">tcp://0.0.0.0:61616?anycastPrefix=jms.queue.;multicastPrefix=jms.topic.;tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;amqpMinLargeMessageSize=102400;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpDuplicateDetection=true;supportAdvisory=false;suppressInternalManagementObjects=false</acceptor>



         <!-- AMQP Acceptor. Listens on default AMQP port for AMQP traffic.-->

         <acceptor 
name="amqp">tcp://0.0.0.0:5672?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=AMQP;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpMinLargeMessageSize=102400;amqpDuplicateDetection=true</acceptor>



         <!-- STOMP Acceptor. -->

         <acceptor 
name="stomp">tcp://0.0.0.0:61613?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=STOMP;useEpoll=true</acceptor>



         <!-- HornetQ Compatibility Acceptor. Enables HornetQ Core and STOMP 
for legacy HornetQ clients. -->

         <acceptor 
name="hornetq">tcp://0.0.0.0:5445?anycastPrefix=jms.queue.;multicastPrefix=jms.topic.;protocols=HORNETQ,STOMP;useEpoll=true</acceptor>



         <!-- MQTT Acceptor -->

         <acceptor 
name="mqtt">tcp://0.0.0.0:1883?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=MQTT;useEpoll=true</acceptor>



      </acceptors>





      <security-settings>

         <security-setting match="#">

            <permission type="createNonDurableQueue" roles="amq"/>

            <permission type="deleteNonDurableQueue" roles="amq"/>

            <permission type="createDurableQueue" roles="amq"/>

            <permission type="deleteDurableQueue" roles="amq"/>

            <permission type="createAddress" roles="amq"/>

            <permission type="deleteAddress" roles="amq"/>

            <permission type="consume" roles="amq,myRole"/>

            <permission type="browse" roles="amq,myRole"/>

            <permission type="send" roles="amq,myRole"/>

            <!-- we need this otherwise ./artemis data imp wouldn't work -->

            <permission type="manage" roles="amq"/>

         </security-setting>

      </security-settings>



      <address-settings>

        <!-- if you define auto-create on certain queues, management has to be 
auto-create -->

         <address-setting match="activemq.management#">

            <dead-letter-address>DLQ</dead-letter-address>

            <expiry-address>ExpiryQueue</expiry-address>

            <redelivery-delay>0</redelivery-delay>

            <!-- with -1 only the global-max-size is in use for limiting -->

            <max-size-bytes>-1</max-size-bytes>

            
<message-counter-history-day-limit>10</message-counter-history-day-limit>

            <address-full-policy>PAGE</address-full-policy>

            <auto-create-queues>false</auto-create-queues>

            <auto-create-addresses>false</auto-create-addresses>

         </address-setting>

         <!--default for catch all-->

         <address-setting match="#">

            <dead-letter-address>DLQ</dead-letter-address>

            <expiry-address>ExpiryQueue</expiry-address>

            <redelivery-delay>0</redelivery-delay>



            
<message-counter-history-day-limit>10</message-counter-history-day-limit>

            <address-full-policy>PAGE</address-full-policy>

            <auto-create-queues>false</auto-create-queues>

            <auto-create-addresses>false</auto-create-addresses>

            <auto-delete-queues>false</auto-delete-queues>

            <auto-delete-addresses>false</auto-delete-addresses>



            <!-- The size of each page file -->

            <page-size-bytes>10M</page-size-bytes>



            <!-- When we start applying the address-full-policy, e.g paging -->

            <!-- Both are disabled by default, which means we will use the 
global-max-size/global-max-messages -->

            <max-size-bytes>-1</max-size-bytes>

            <max-size-messages>-1</max-size-messages>



            <!-- When we read from paging into queues (memory) -->



            <max-read-page-messages>-1</max-read-page-messages>

            <max-read-page-bytes>20M</max-read-page-bytes>



            <!-- Limit on paging capacity before starting to throw errors -->



            <page-limit-bytes>-1</page-limit-bytes>

            <page-limit-messages>-1</page-limit-messages>

          </address-setting>

      </address-settings>



      <addresses>

         <address name="DLQ">

            <anycast>

               <queue name="DLQ" />

            </anycast>

         </address>

         <address name="ExpiryQueue">

            <anycast>

               <queue name="ExpiryQueue" />

            </anycast>

         </address>

         <address name="TEST.QUEUE.A">

            <anycast>

               <queue name="TEST.QUEUE.A" />

            </anycast>

         </address>

      </addresses>



      <!-- Uncomment the following if you want to use the Standard 
LoggingActiveMQServerPlugin pluging to log in events

      <broker-plugins>

         <broker-plugin 
class-name="org.apache.activemq.artemis.core.server.plugin.impl.LoggingActiveMQServerPlugin">

            <property key="LOG_ALL_EVENTS" value="true"/>

            <property key="LOG_CONNECTION_EVENTS" value="true"/>

            <property key="LOG_SESSION_EVENTS" value="true"/>

            <property key="LOG_CONSUMER_EVENTS" value="true"/>

            <property key="LOG_DELIVERING_EVENTS" value="true"/>

            <property key="LOG_SENDING_EVENTS" value="true"/>

            <property key="LOG_INTERNAL_EVENTS" value="true"/>

         </broker-plugin>

      </broker-plugins>

      -->



   </core>

</configuration>

Regards,
Calle

Reply via email to