Details
-
Task
-
Resolution: Unresolved
-
Minor
-
None
-
None
-
None
-
None
-
False
-
False
-
Documentation (Ref Guide, User Guide, etc.)
Description
When a multicast address/queue is defined:
<address name="some.address.of.mine">
<multicast>
<queue name="some.queue.of.mine" />
<queue name="some.queue.of.yours" />
</multicast>
</address>
and a security-setting matching the address and queue (FQQN) is defined:
<security-setting match="some.address.of.mine::some.queue.of.mine">
<permission type="consume" roles="amq"/>
</security-setting>
the user / role is able to connect and consume from the queue using FQQN, but when the address policy is created with wildcard placeholders:
<security-setting match="some.address.*.mine::some.queue.*.mine">
<permission type="consume" roles="amq"/>
</security-setting>
Consumption fails with:
2022-01-14 15:37:13,302 WARN [org.apache.activemq.artemis.core.server] Errors occurred during the buffering operation : ActiveMQSecurityException[errorType=SECURITY_EXCEPTION message=AMQ229213: User: admin does not have permission='CONSUME' for queue some.queue.of.mine on address some.address.of.mine]
We have verified that the wildcard substitution is for a single word and should otherwise match the FQQN.
