Given the modifications you've made I would expect your JMS consumer to be able to use the queue. I did a quick proof-of-concept on my own machine with all the same changes you made and it works fine using the "consumer" and "producer" commands shipped with the broker (which use JMS). Nothing is auto-created and the consumer is able to receive the messages from the producer using "TEST.QUEUE.A" and the user "myUser" in the role "myRole."
I'm using ActiveMQ Artemis 2.31.0 (i.e. the latest release). What version are you using? Justin On Mon, Oct 9, 2023 at 4:00 PM Calle Andersson <calleanders...@hotmail.com> wrote: > Hi, > > Is there anyone who could confirm if it is possible to configure Artemis > in the same way as I explained in my previous mail or if I have > misunderstood the whole things. > > Thanks in advance, > Calle > > ________________________________ > Från: Calle Andersson <calleanders...@hotmail.com> > Skickat: torsdag, oktober 5, 2023 1:55:10 PM > Till: users@activemq.apache.org <users@activemq.apache.org> > Ämne: Questions regarding auto-creation > > Hi, > > I've just started to investigate how Artemis works and I have some > questions regarding auto-creation of addresses/queues. > > I don't want to allow any clients/servers (who sends and/or consumes > messages) to be able to auto-create addresses or queues. However, I want > the broker to be able to auto-create dead letter queues (with the same name > as the queue but prefixed with "DLQ.") when needed. > > For testing, I have added the following to broker.xml: > <address name="TEST.QUEUE.A"> > <anycast> > <queue name="TEST.QUEUE.A" /> > </anycast> > </address> > > I have created user "myUser" and assigned the role "myRole" to it. > > I have not looked into the dead letter queue configuration yet but I have > tried to prevent "myUser" from auto-creating addresses/queues using the > following configuration: > <security-setting match="#"> > <permission type="createNonDurableQueue" roles="amq"/> > <permission type="deleteNonDurableQueue" roles="amq"/> > <permission type="createDurableQueue" roles="amq"/> > <permission type="deleteDurableQueue" roles="amq"/> > <permission type="createAddress" roles="amq"/> > <permission type="deleteAddress" roles="amq"/> > <permission type="consume" roles="amq,myRole"/> > <permission type="browse" roles="amq,myRole"/> > <permission type="send" roles="amq,myRole"/> > <!-- we need this otherwise ./artemis data imp wouldn't work --> > <permission type="manage" roles="amq"/> > </security-setting> > > <address-settings> > <address-setting match="activemq.management#"> > <auto-create-queues>false</auto-create-queues> > <auto-create-addresses>false</auto-create-addresses> > <!-- ... --> > </address-setting> > <address-setting match="#"> > <auto-create-queues>false</auto-create-queues> > <auto-create-addresses>false</auto-create-addresses> > <!-- ... --> > </address-setting> > </address-settings> > > However, I get the following error when trying to consume from that queue: > ... JmsConsumer[TEST.QUEUE.A]) Setup of JMS message listener invoker > failed for destination 'TEST.QUEUE.A' - trying to recover. Cause: > Destination TEST.QUEUE.A does not exist > > I changed to the following in broker.xml: > <auto-create-queues>true</auto-create-queues> > <auto-create-addresses>true</auto-create-addresses> > > But then I get the following error instead: > ... JmsConsumer[TEST.QUEUE.A]) Setup of JMS message listener invoker > failed for destination 'TEST.QUEUE.A' - trying to recover. Cause: > AMQ229213: User: myUser does not have permission='CREATE_DURABLE_QUEUE' for > queue TEST.QUEUE.A on address TEST.QUEUE.A > > If I do the following change as well, everything works and I can consume > messages: > <permission type="createDurableQueue" roles="amq,myRole"/> > > I don't understand why the createDurableQueue is needed for “myRole” or > why the queue can't be detected at all when auto-create- addresses and > auto-create-queues are set to false. Could anyone shed some lights on > what's going on and why? > > This is my entire broker.xml: > > <?xml version='1.0'?> > > <!-- > > Licensed to the Apache Software Foundation (ASF) under one > > or more contributor license agreements. See the NOTICE file > > distributed with this work for additional information > > regarding copyright ownership. The ASF licenses this file > > to you under the Apache License, Version 2.0 (the > > "License"); you may not use this file except in compliance > > with the License. You may obtain a copy of the License at > > > > http://www.apache.org/licenses/LICENSE-2.0 > > > > Unless required by applicable law or agreed to in writing, > > software distributed under the License is distributed on an > > "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY > > KIND, either express or implied. See the License for the > > specific language governing permissions and limitations > > under the License. > > --> > > > > <configuration xmlns="urn:activemq" > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > > xmlns:xi="http://www.w3.org/2001/XInclude"; > > xsi:schemaLocation="urn:activemq > /schema/artemis-configuration.xsd"> > > > > <core xmlns="urn:activemq:core" xmlns:xsi=" > http://www.w3.org/2001/XMLSchema-instance"; > > xsi:schemaLocation="urn:activemq:core "> > > > > <name>0.0.0.0</name> > > > > > > <persistence-enabled>true</persistence-enabled> > > > > <!-- It is recommended to keep this value as 1, maximizing the > number of records stored about redeliveries. > > However if you must preserve state of individual redeliveries, > you may increase this value or set it to -1 (infinite). --> > > <max-redelivery-records>1</max-redelivery-records> > > > > <!-- this could be ASYNCIO, MAPPED, NIO > > ASYNCIO: Linux Libaio > > MAPPED: mmap files > > NIO: Plain Java Files > > --> > > <journal-type>ASYNCIO</journal-type> > > > > <paging-directory>data/paging</paging-directory> > > > > <bindings-directory>data/bindings</bindings-directory> > > > > <journal-directory>data/journal</journal-directory> > > > > > <large-messages-directory>data/large-messages</large-messages-directory> > > > > > > <!-- if you want to retain your journal uncomment this following > configuration. > > > > This will allow your system to keep 7 days of your data, up to 10G. > Tweak it accordingly to your use case and capacity. > > > > it is recommended to use a separate storage unit from the journal > for performance considerations. > > > > <journal-retention-directory period="7" unit="DAYS" > storage-limit="10G">data/retention</journal-retention-directory> > > > > You can also enable retention by using the argument > journal-retention on the `artemis create` command --> > > > > > > > > <journal-datasync>true</journal-datasync> > > > > <journal-min-files>2</journal-min-files> > > > > <journal-pool-files>10</journal-pool-files> > > > > <journal-device-block-size>4096</journal-device-block-size> > > > > <journal-file-size>10M</journal-file-size> > > > > <!-- > > This value was determined through a calculation. > > Your system could perform 62,5 writes per millisecond > > on the current journal configuration. > > That translates as a sync write every 16000 nanoseconds. > > > > Note: If you specify 0 the system will perform writes directly to > the disk. > > We recommend this to be 0 if you are using journalType=MAPPED > and journal-datasync=false. > > --> > > <journal-buffer-timeout>16000</journal-buffer-timeout> > > > > > > <!-- > > When using ASYNCIO, this will determine the writing queue depth > for libaio. > > --> > > <journal-max-io>4096</journal-max-io> > > <!-- > > You can verify the network health of a particular NIC by > specifying the <network-check-NIC> element. > > <network-check-NIC>theNicName</network-check-NIC> > > --> > > > > <!-- > > Use this to use an HTTP server to validate the network > > > <network-check-URL-list>http://www.apache.org</network-check-URL-list> > --> > > > > <!-- <network-check-period>10000</network-check-period> --> > > <!-- <network-check-timeout>1000</network-check-timeout> --> > > > > <!-- this is a comma separated list, no spaces, just DNS or IPs > > it should accept IPV6 > > > > Warning: Make sure you understand your network topology as this > is meant to validate if your network is valid. > > Using IPs that could eventually disappear or be > partially visible may defeat the purpose. > > You can use a list of multiple IPs, and if any > successful ping will make the server OK to continue running --> > > <!-- <network-check-list>10.0.0.1</network-check-list> --> > > > > <!-- use this to customize the ping used for ipv4 addresses --> > > <!-- <network-check-ping-command>ping -c 1 -t %d > %s</network-check-ping-command> --> > > > > <!-- use this to customize the ping used for ipv6 addresses --> > > <!-- <network-check-ping6-command>ping6 -c 1 > %2$s</network-check-ping6-command> --> > > > > > > > > > > <!-- how often we are looking for how many bytes are being used on > the disk in ms --> > > <disk-scan-period>5000</disk-scan-period> > > > > <!-- once the disk hits this limit the system will block, or close > the connection in certain protocols > > that won't support flow control. --> > > <max-disk-usage>90</max-disk-usage> > > > > <!-- should the broker detect dead locks and other issues --> > > <critical-analyzer>true</critical-analyzer> > > > > <critical-analyzer-timeout>120000</critical-analyzer-timeout> > > > > > <critical-analyzer-check-period>60000</critical-analyzer-check-period> > > > > <critical-analyzer-policy>HALT</critical-analyzer-policy> > > > > > > <page-sync-timeout>239999</page-sync-timeout> > > > > > > <!-- the system will enter into page mode once you hit this limit. > This is an estimate in bytes of how much the messages are using in memory > > > > The system will use half of the available memory (-Xmx) by default > for the global-max-size. > > You may specify a different value here if you need to customize it > to your needs. > > > > <global-max-size>100Mb</global-max-size> --> > > > > <!-- the maximum number of messages accepted before entering full > address mode. > > if global-max-size is specified the full address mode will be > specified by whatever hits it first. --> > > <global-max-messages>-1</global-max-messages> > > > > <acceptors> > > > > <!-- useEpoll means: it will use Netty epoll if you are on a > system (Linux) that supports it --> > > <!-- amqpCredits: The number of credits sent to AMQP producers --> > > <!-- amqpLowCredits: The server will send the # credits specified > at amqpCredits at this low mark --> > > <!-- amqpDuplicateDetection: If you are not using duplicate > detection, set this to false > > as duplicate detection requires > applicationProperties to be parsed on the server. --> > > <!-- amqpMinLargeMessageSize: Determines how many bytes are > considered large, so we start using files to hold their data. > > default: 102400, -1 would mean to > disable large message control --> > > > > <!-- Note: If an acceptor needs to be compatible with HornetQ > and/or Artemis 1.x clients add > > "anycastPrefix=jms.queue.;multicastPrefix=jms.topic." > to the acceptor url. > > See https://issues.apache.org/jira/browse/ARTEMIS-1644 > for more information. --> > > > > > > <!-- Acceptor for every supported protocol --> > > <acceptor name="artemis">tcp:// > 0.0.0.0:61616?anycastPrefix=jms.queue.;multicastPrefix=jms.topic.;tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;amqpMinLargeMessageSize=102400;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpDuplicateDetection=true;supportAdvisory=false;suppressInternalManagementObjects=false > </acceptor> > > > > <!-- AMQP Acceptor. Listens on default AMQP port for AMQP > traffic.--> > > <acceptor name="amqp">tcp:// > 0.0.0.0:5672?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=AMQP;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpMinLargeMessageSize=102400;amqpDuplicateDetection=true > </acceptor> > > > > <!-- STOMP Acceptor. --> > > <acceptor name="stomp">tcp:// > 0.0.0.0:61613?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=STOMP;useEpoll=true > </acceptor> > > > > <!-- HornetQ Compatibility Acceptor. Enables HornetQ Core and > STOMP for legacy HornetQ clients. --> > > <acceptor name="hornetq">tcp:// > 0.0.0.0:5445?anycastPrefix=jms.queue.;multicastPrefix=jms.topic.;protocols=HORNETQ,STOMP;useEpoll=true > </acceptor> > > > > <!-- MQTT Acceptor --> > > <acceptor name="mqtt">tcp:// > 0.0.0.0:1883?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=MQTT;useEpoll=true > </acceptor> > > > > </acceptors> > > > > > > <security-settings> > > <security-setting match="#"> > > <permission type="createNonDurableQueue" roles="amq"/> > > <permission type="deleteNonDurableQueue" roles="amq"/> > > <permission type="createDurableQueue" roles="amq"/> > > <permission type="deleteDurableQueue" roles="amq"/> > > <permission type="createAddress" roles="amq"/> > > <permission type="deleteAddress" roles="amq"/> > > <permission type="consume" roles="amq,myRole"/> > > <permission type="browse" roles="amq,myRole"/> > > <permission type="send" roles="amq,myRole"/> > > <!-- we need this otherwise ./artemis data imp wouldn't work > --> > > <permission type="manage" roles="amq"/> > > </security-setting> > > </security-settings> > > > > <address-settings> > > <!-- if you define auto-create on certain queues, management has > to be auto-create --> > > <address-setting match="activemq.management#"> > > <dead-letter-address>DLQ</dead-letter-address> > > <expiry-address>ExpiryQueue</expiry-address> > > <redelivery-delay>0</redelivery-delay> > > <!-- with -1 only the global-max-size is in use for limiting > --> > > <max-size-bytes>-1</max-size-bytes> > > > <message-counter-history-day-limit>10</message-counter-history-day-limit> > > <address-full-policy>PAGE</address-full-policy> > > <auto-create-queues>false</auto-create-queues> > > <auto-create-addresses>false</auto-create-addresses> > > </address-setting> > > <!--default for catch all--> > > <address-setting match="#"> > > <dead-letter-address>DLQ</dead-letter-address> > > <expiry-address>ExpiryQueue</expiry-address> > > <redelivery-delay>0</redelivery-delay> > > > > > <message-counter-history-day-limit>10</message-counter-history-day-limit> > > <address-full-policy>PAGE</address-full-policy> > > <auto-create-queues>false</auto-create-queues> > > <auto-create-addresses>false</auto-create-addresses> > > <auto-delete-queues>false</auto-delete-queues> > > <auto-delete-addresses>false</auto-delete-addresses> > > > > <!-- The size of each page file --> > > <page-size-bytes>10M</page-size-bytes> > > > > <!-- When we start applying the address-full-policy, e.g > paging --> > > <!-- Both are disabled by default, which means we will use the > global-max-size/global-max-messages --> > > <max-size-bytes>-1</max-size-bytes> > > <max-size-messages>-1</max-size-messages> > > > > <!-- When we read from paging into queues (memory) --> > > > > <max-read-page-messages>-1</max-read-page-messages> > > <max-read-page-bytes>20M</max-read-page-bytes> > > > > <!-- Limit on paging capacity before starting to throw errors > --> > > > > <page-limit-bytes>-1</page-limit-bytes> > > <page-limit-messages>-1</page-limit-messages> > > </address-setting> > > </address-settings> > > > > <addresses> > > <address name="DLQ"> > > <anycast> > > <queue name="DLQ" /> > > </anycast> > > </address> > > <address name="ExpiryQueue"> > > <anycast> > > <queue name="ExpiryQueue" /> > > </anycast> > > </address> > > <address name="TEST.QUEUE.A"> > > <anycast> > > <queue name="TEST.QUEUE.A" /> > > </anycast> > > </address> > > </addresses> > > > > <!-- Uncomment the following if you want to use the Standard > LoggingActiveMQServerPlugin pluging to log in events > > <broker-plugins> > > <broker-plugin > class-name="org.apache.activemq.artemis.core.server.plugin.impl.LoggingActiveMQServerPlugin"> > > <property key="LOG_ALL_EVENTS" value="true"/> > > <property key="LOG_CONNECTION_EVENTS" value="true"/> > > <property key="LOG_SESSION_EVENTS" value="true"/> > > <property key="LOG_CONSUMER_EVENTS" value="true"/> > > <property key="LOG_DELIVERING_EVENTS" value="true"/> > > <property key="LOG_SENDING_EVENTS" value="true"/> > > <property key="LOG_INTERNAL_EVENTS" value="true"/> > > </broker-plugin> > > </broker-plugins> > > --> > > > > </core> > > </configuration> > > Regards, > Calle > >
