Details
-
Bug
-
Resolution: Done
-
Major
-
AMQ 7.2.4.GA
-
None
-
Release Notes
-
+
-
Previously, an MQTT consumer saw an exception when subscribed with quality of service (QoS) level 2 to an address with custom security settings. This issue is now resolved.
-
Documented as Resolved Issue
-
Verified in a release
-
Description
If custom security settings are configured for an address like this:
<security-setting match="address.name.#"> <permission type="createNonDurableQueue" roles="ADA"/> <permission type="deleteNonDurableQueue" roles="ADA"/> <permission type="createDurableQueue" roles="ADA"/> <permission type="deleteDurableQueue" roles="ADA"/> <permission type="createAddress" roles="ADA"/> <permission type="deleteAddress" roles="ADA"/> <permission type="consume" roles="ADA"/> <permission type="browse" roles="ADA"/> <permission type="send" roles="amq,ADA"/> <permission type="manage" roles="ADA"/> </security-setting> **Here AMQ is for admin and ADA is for test users
Then the MQTT consumer gets this error:
Connection lost because: Connection lost (32109) - java.io.EOFException
There is also an exception in the logs but only if the debug logging is enabled.
2019-05-17 11:52:34,146 DEBUG [org.apache.activemq.artemis.core.protocol.mqtt] Error processing Control Packet, Disconnecting Client: ActiveMQSecurityException[errorType=SECURITY_EXCEPTION message=AMQ229213: User: test does not have permission='CONSUME' for queue $sys.mqtt.queue.qos2.MQTT-Java-Example-SUB on address $sys.mqtt.queue.qos2.MQTT-Java-Example-SUB.$sys.mqtt.queue.qos2.MQTT-Java-Example-SUB]
This works fine for Qos < 2
