Details
-
Task
-
Resolution: Done
-
Major
-
None
-
None
-
False
-
False
-
Undefined
Description
Since taking AMQ Broker 7.7, the broker-support has become broken. Specifically, the user authenticates correctly, but does not have permission to execute broker methods.
2021-03-07T22:33:39.569Z INFO [resource] AMQ601718: User broker-support-8b0ba912-700f-4296-b614-faf4b61f574c(admin)@127.0.0.1:35108 does not have correct role to access getAddress on management object org.apache.activemq.artemis:broker="broker-e180e00-5kzy-0",component=addresses,address="message-redelivery"
Turning up logging for Broker, I could see:
021-03-08T10:38:51.077Z DEBUG [SaslDelegatingLogin] Support access configured
2021-03-08T10:38:51.078Z DEBUG [SaslDelegatingLogin] Adding user principal for: broker-support-8b0ba912-700f-4296-b614-faf4b61f574c
2021-03-08T10:38:51.078Z DEBUG [SaslDelegatingLogin] Adding role principal for: all
2021-03-08T10:38:51.078Z DEBUG [SaslDelegatingLogin] Adding role principal for:
2021-03-08T10:38:51.078Z DEBUG [SaslDelegatingLogin] Adding role principal for: admin
comparing with Broker 7.6:
2021-03-08T10:30:24.516Z DEBUG [SaslDelegatingLogin] Support access configured
2021-03-08T10:30:24.516Z DEBUG [SaslDelegatingLogin] Adding user principal for: broker-support-8b0ba912-700f-4296-b614-faf4b61f574c
2021-03-08T10:30:24.516Z DEBUG [SaslDelegatingLogin] Adding role principal for: all
2021-03-08T10:30:24.516Z DEBUG [SaslDelegatingLogin] Adding role principal for: admin
2021-03-08T10:30:24.516Z DEBUG [SaslDelegatingLogin] Adding role principal for: manage
notice that the manage principal is absent.