Hi,
Is there anyone who could confirm if it is possible to configure Artemis in the
same way as I explained in my previous mail or if I have misunderstood the
whole things.
Thanks in advance,
Calle
________________________________
Från: Calle Andersson <calleanders...@hotmail.com>
Skickat: torsdag, oktober 5, 2023 1:55:10 PM
Till: users@activemq.apache.org <users@activemq.apache.org>
Ämne: Questions regarding auto-creation
Hi,
I've just started to investigate how Artemis works and I have some questions
regarding auto-creation of addresses/queues.
I don't want to allow any clients/servers (who sends and/or consumes messages)
to be able to auto-create addresses or queues. However, I want the broker to be
able to auto-create dead letter queues (with the same name as the queue but
prefixed with "DLQ.") when needed.
For testing, I have added the following to broker.xml:
<address name="TEST.QUEUE.A">
<anycast>
<queue name="TEST.QUEUE.A" />
</anycast>
</address>
I have created user "myUser" and assigned the role "myRole" to it.
I have not looked into the dead letter queue configuration yet but I have tried
to prevent "myUser" from auto-creating addresses/queues using the following
configuration:
<security-setting match="#">
<permission type="createNonDurableQueue" roles="amq"/>
<permission type="deleteNonDurableQueue" roles="amq"/>
<permission type="createDurableQueue" roles="amq"/>
<permission type="deleteDurableQueue" roles="amq"/>
<permission type="createAddress" roles="amq"/>
<permission type="deleteAddress" roles="amq"/>
<permission type="consume" roles="amq,myRole"/>
<permission type="browse" roles="amq,myRole"/>
<permission type="send" roles="amq,myRole"/>
<!-- we need this otherwise ./artemis data imp wouldn't work -->
<permission type="manage" roles="amq"/>
</security-setting>
<address-settings>
<address-setting match="activemq.management#">
<auto-create-queues>false</auto-create-queues>
<auto-create-addresses>false</auto-create-addresses>
<!-- ... -->
</address-setting>
<address-setting match="#">
<auto-create-queues>false</auto-create-queues>
<auto-create-addresses>false</auto-create-addresses>
<!-- ... -->
</address-setting>
</address-settings>
However, I get the following error when trying to consume from that queue:
... JmsConsumer[TEST.QUEUE.A]) Setup of JMS message listener invoker failed for
destination 'TEST.QUEUE.A' - trying to recover. Cause: Destination TEST.QUEUE.A
does not exist
I changed to the following in broker.xml:
<auto-create-queues>true</auto-create-queues>
<auto-create-addresses>true</auto-create-addresses>
But then I get the following error instead:
... JmsConsumer[TEST.QUEUE.A]) Setup of JMS message listener invoker failed for
destination 'TEST.QUEUE.A' - trying to recover. Cause: AMQ229213: User: myUser
does not have permission='CREATE_DURABLE_QUEUE' for queue TEST.QUEUE.A on
address TEST.QUEUE.A
If I do the following change as well, everything works and I can consume
messages:
<permission type="createDurableQueue" roles="amq,myRole"/>
I don't understand why the createDurableQueue is needed for “myRole” or why the
queue can't be detected at all when auto-create- addresses and
auto-create-queues are set to false. Could anyone shed some lights on what's
going on and why?
This is my entire broker.xml:
<?xml version='1.0'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configuration xmlns="urn:activemq"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:xi="http://www.w3.org/2001/XInclude";
xsi:schemaLocation="urn:activemq
/schema/artemis-configuration.xsd">
<core xmlns="urn:activemq:core"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="urn:activemq:core ">
<name>0.0.0.0</name>
<persistence-enabled>true</persistence-enabled>
<!-- It is recommended to keep this value as 1, maximizing the number of
records stored about redeliveries.
However if you must preserve state of individual redeliveries, you
may increase this value or set it to -1 (infinite). -->
<max-redelivery-records>1</max-redelivery-records>
<!-- this could be ASYNCIO, MAPPED, NIO
ASYNCIO: Linux Libaio
MAPPED: mmap files
NIO: Plain Java Files
-->
<journal-type>ASYNCIO</journal-type>
<paging-directory>data/paging</paging-directory>
<bindings-directory>data/bindings</bindings-directory>
<journal-directory>data/journal</journal-directory>
<large-messages-directory>data/large-messages</large-messages-directory>
<!-- if you want to retain your journal uncomment this following
configuration.
This will allow your system to keep 7 days of your data, up to 10G. Tweak
it accordingly to your use case and capacity.
it is recommended to use a separate storage unit from the journal for
performance considerations.
<journal-retention-directory period="7" unit="DAYS"
storage-limit="10G">data/retention</journal-retention-directory>
You can also enable retention by using the argument journal-retention on
the `artemis create` command -->
<journal-datasync>true</journal-datasync>
<journal-min-files>2</journal-min-files>
<journal-pool-files>10</journal-pool-files>
<journal-device-block-size>4096</journal-device-block-size>
<journal-file-size>10M</journal-file-size>
<!--
This value was determined through a calculation.
Your system could perform 62,5 writes per millisecond
on the current journal configuration.
That translates as a sync write every 16000 nanoseconds.
Note: If you specify 0 the system will perform writes directly to the
disk.
We recommend this to be 0 if you are using journalType=MAPPED and
journal-datasync=false.
-->
<journal-buffer-timeout>16000</journal-buffer-timeout>
<!--
When using ASYNCIO, this will determine the writing queue depth for
libaio.
-->
<journal-max-io>4096</journal-max-io>
<!--
You can verify the network health of a particular NIC by specifying the
<network-check-NIC> element.
<network-check-NIC>theNicName</network-check-NIC>
-->
<!--
Use this to use an HTTP server to validate the network
<network-check-URL-list>http://www.apache.org</network-check-URL-list>
-->
<!-- <network-check-period>10000</network-check-period> -->
<!-- <network-check-timeout>1000</network-check-timeout> -->
<!-- this is a comma separated list, no spaces, just DNS or IPs
it should accept IPV6
Warning: Make sure you understand your network topology as this is
meant to validate if your network is valid.
Using IPs that could eventually disappear or be partially
visible may defeat the purpose.
You can use a list of multiple IPs, and if any successful
ping will make the server OK to continue running -->
<!-- <network-check-list>10.0.0.1</network-check-list> -->
<!-- use this to customize the ping used for ipv4 addresses -->
<!-- <network-check-ping-command>ping -c 1 -t %d
%s</network-check-ping-command> -->
<!-- use this to customize the ping used for ipv6 addresses -->
<!-- <network-check-ping6-command>ping6 -c 1
%2$s</network-check-ping6-command> -->
<!-- how often we are looking for how many bytes are being used on the
disk in ms -->
<disk-scan-period>5000</disk-scan-period>
<!-- once the disk hits this limit the system will block, or close the
connection in certain protocols
that won't support flow control. -->
<max-disk-usage>90</max-disk-usage>
<!-- should the broker detect dead locks and other issues -->
<critical-analyzer>true</critical-analyzer>
<critical-analyzer-timeout>120000</critical-analyzer-timeout>
<critical-analyzer-check-period>60000</critical-analyzer-check-period>
<critical-analyzer-policy>HALT</critical-analyzer-policy>
<page-sync-timeout>239999</page-sync-timeout>
<!-- the system will enter into page mode once you hit this limit. This
is an estimate in bytes of how much the messages are using in memory
The system will use half of the available memory (-Xmx) by default for
the global-max-size.
You may specify a different value here if you need to customize it to
your needs.
<global-max-size>100Mb</global-max-size> -->
<!-- the maximum number of messages accepted before entering full address
mode.
if global-max-size is specified the full address mode will be
specified by whatever hits it first. -->
<global-max-messages>-1</global-max-messages>
<acceptors>
<!-- useEpoll means: it will use Netty epoll if you are on a system
(Linux) that supports it -->
<!-- amqpCredits: The number of credits sent to AMQP producers -->
<!-- amqpLowCredits: The server will send the # credits specified at
amqpCredits at this low mark -->
<!-- amqpDuplicateDetection: If you are not using duplicate detection,
set this to false
as duplicate detection requires
applicationProperties to be parsed on the server. -->
<!-- amqpMinLargeMessageSize: Determines how many bytes are considered
large, so we start using files to hold their data.
default: 102400, -1 would mean to
disable large message control -->
<!-- Note: If an acceptor needs to be compatible with HornetQ and/or
Artemis 1.x clients add
"anycastPrefix=jms.queue.;multicastPrefix=jms.topic." to
the acceptor url.
See https://issues.apache.org/jira/browse/ARTEMIS-1644 for
more information. -->
<!-- Acceptor for every supported protocol -->
<acceptor
name="artemis">tcp://0.0.0.0:61616?anycastPrefix=jms.queue.;multicastPrefix=jms.topic.;tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;amqpMinLargeMessageSize=102400;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpDuplicateDetection=true;supportAdvisory=false;suppressInternalManagementObjects=false</acceptor>
<!-- AMQP Acceptor. Listens on default AMQP port for AMQP traffic.-->
<acceptor
name="amqp">tcp://0.0.0.0:5672?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=AMQP;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpMinLargeMessageSize=102400;amqpDuplicateDetection=true</acceptor>
<!-- STOMP Acceptor. -->
<acceptor
name="stomp">tcp://0.0.0.0:61613?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=STOMP;useEpoll=true</acceptor>
<!-- HornetQ Compatibility Acceptor. Enables HornetQ Core and STOMP
for legacy HornetQ clients. -->
<acceptor
name="hornetq">tcp://0.0.0.0:5445?anycastPrefix=jms.queue.;multicastPrefix=jms.topic.;protocols=HORNETQ,STOMP;useEpoll=true</acceptor>
<!-- MQTT Acceptor -->
<acceptor
name="mqtt">tcp://0.0.0.0:1883?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=MQTT;useEpoll=true</acceptor>
</acceptors>
<security-settings>
<security-setting match="#">
<permission type="createNonDurableQueue" roles="amq"/>
<permission type="deleteNonDurableQueue" roles="amq"/>
<permission type="createDurableQueue" roles="amq"/>
<permission type="deleteDurableQueue" roles="amq"/>
<permission type="createAddress" roles="amq"/>
<permission type="deleteAddress" roles="amq"/>
<permission type="consume" roles="amq,myRole"/>
<permission type="browse" roles="amq,myRole"/>
<permission type="send" roles="amq,myRole"/>
<!-- we need this otherwise ./artemis data imp wouldn't work -->
<permission type="manage" roles="amq"/>
</security-setting>
</security-settings>
<address-settings>
<!-- if you define auto-create on certain queues, management has to be
auto-create -->
<address-setting match="activemq.management#">
<dead-letter-address>DLQ</dead-letter-address>
<expiry-address>ExpiryQueue</expiry-address>
<redelivery-delay>0</redelivery-delay>
<!-- with -1 only the global-max-size is in use for limiting -->
<max-size-bytes>-1</max-size-bytes>
<message-counter-history-day-limit>10</message-counter-history-day-limit>
<address-full-policy>PAGE</address-full-policy>
<auto-create-queues>false</auto-create-queues>
<auto-create-addresses>false</auto-create-addresses>
</address-setting>
<!--default for catch all-->
<address-setting match="#">
<dead-letter-address>DLQ</dead-letter-address>
<expiry-address>ExpiryQueue</expiry-address>
<redelivery-delay>0</redelivery-delay>
<message-counter-history-day-limit>10</message-counter-history-day-limit>
<address-full-policy>PAGE</address-full-policy>
<auto-create-queues>false</auto-create-queues>
<auto-create-addresses>false</auto-create-addresses>
<auto-delete-queues>false</auto-delete-queues>
<auto-delete-addresses>false</auto-delete-addresses>
<!-- The size of each page file -->
<page-size-bytes>10M</page-size-bytes>
<!-- When we start applying the address-full-policy, e.g paging -->
<!-- Both are disabled by default, which means we will use the
global-max-size/global-max-messages -->
<max-size-bytes>-1</max-size-bytes>
<max-size-messages>-1</max-size-messages>
<!-- When we read from paging into queues (memory) -->
<max-read-page-messages>-1</max-read-page-messages>
<max-read-page-bytes>20M</max-read-page-bytes>
<!-- Limit on paging capacity before starting to throw errors -->
<page-limit-bytes>-1</page-limit-bytes>
<page-limit-messages>-1</page-limit-messages>
</address-setting>
</address-settings>
<addresses>
<address name="DLQ">
<anycast>
<queue name="DLQ" />
</anycast>
</address>
<address name="ExpiryQueue">
<anycast>
<queue name="ExpiryQueue" />
</anycast>
</address>
<address name="TEST.QUEUE.A">
<anycast>
<queue name="TEST.QUEUE.A" />
</anycast>
</address>
</addresses>
<!-- Uncomment the following if you want to use the Standard
LoggingActiveMQServerPlugin pluging to log in events
<broker-plugins>
<broker-plugin
class-name="org.apache.activemq.artemis.core.server.plugin.impl.LoggingActiveMQServerPlugin">
<property key="LOG_ALL_EVENTS" value="true"/>
<property key="LOG_CONNECTION_EVENTS" value="true"/>
<property key="LOG_SESSION_EVENTS" value="true"/>
<property key="LOG_CONSUMER_EVENTS" value="true"/>
<property key="LOG_DELIVERING_EVENTS" value="true"/>
<property key="LOG_SENDING_EVENTS" value="true"/>
<property key="LOG_INTERNAL_EVENTS" value="true"/>
</broker-plugin>
</broker-plugins>
-->
</core>
</configuration>
Regards,
Calle
