Hello On 2026/03/20 21:08:40 Alexander Milovidov wrote: > Thank you all for your help! > > I checked in the new version 2.53.0 - object permissions are being granted > or displayed correctly. > I tried testing this in a test environment, but the web console took so > long to load (with around 3000 addresses with different ACLs) that I > decided to revert back to the old version for now. I'll test it later in > environments with fewer entries.
The performance improvements are technically implemented by "jolokia integration" libraries. I just checked in fresh 2.53.0 with 5000 queues (but no RBAC configured). If you use browser console (F12 dev tools), there's one special XHR request with `maxDepth=9`: http://localhost:8161/console/jolokia/?maxDepth=9&maxCollectionSize=50000&ignoreErrors=true&canonicalNaming=false&mimeType=application/json&listCache=true Without optimization, this request takes a lot of time and bandwidth, but with optimization, for me it was 1.23s and 1.4MB... Can we check (roughly) what is your RBAC configurations? kind regards Grzegorz Grzybek > > пт, 20 мар. 2026 г. в 18:26, Clebert Suconic <[email protected]>: > > > the download is already updated... I'm just sending the announcement now: > > > > https://artemis.apache.org/components/artemis/download/ > > > > On Fri, Mar 20, 2026 at 9:47 AM Vilius Šumskas via users > > <[email protected]> wrote: > > > > > > Sure, as soon as tarball is available on the website. > > > > > > -- > > > Vilius > > > > > > >-----Original Message----- > > > >From: Clebert Suconic <[email protected]> > > > >Sent: Friday, March 20, 2026 3:39 PM > > > >To: [email protected] > > > >Cc: Vilius Šumskas <[email protected]> > > > >Subject: Re: Possible bug with management ACLs > > > > > > > >I'm about to release 2.53.0. Can you try in that version? > > > > > > > >On Fri, Mar 20, 2026 at 9:12 AM Vilius Šumskas via users > > > ><[email protected]> wrote: > > > >> > > > >> Hi, > > > >> > > > >> > > > >> > > > >> I‘m not sure if this is the same bug, but indeed something has > > changed in recent > > > >Artemis versions in regards to management.xml ACLs. We encountered this > > issue > > > >https://github.com/jolokia/jolokia-integration/issues/5 . It is filled > > against Jolokia, > > > >but now I’m wondering if these changes are in Artemis itself. > > > >> > > > >> > > > >> > > > >> -- > > > >> > > > >> Vilius > > > >> > > > >> > > > >> > > > >> From: Alexander Milovidov <[email protected]> > > > >> Sent: Friday, March 20, 2026 2:25 PM > > > >> To: [email protected] > > > >> Subject: Possible bug with management ACLs > > > >> > > > >> > > > >> > > > >> Hi All! > > > >> > > > >> > > > >> > > > >> Recently I've discovered a possible bug in Artemis 2.50.0 and later. > > When I > > > >configure management ACL for sending messages on a particular address, > > the > > > >permissions for sending messages are granted only for the queue on this > > address. I > > > >checked if the user has permissions on the objects in the Artemis JMX > > tree. > > > >> > > > >> When I tried to reproduce this issue in an isolated environment, it > > had a different > > > >effect: when I granted permissions on a particular address, the > > permissions were > > > >granted on this address and all other addresses and queues. > > > >> > > > >> > > > >> > > > >> Steps to reproduce on a fresh instance: > > > >> > > > >> - create a user "test" with role "test-role" and add test-role to > > > >> hawtio roles; > > > >> > > > >> - create address TEST.IN with TEST.IN queue.\ > > > >> > > > >> - add an example management ACL to management.xml role-access section: > > > >> > > > >> <match domain="org.apache.activemq.artemis" key="address=TEST.IN"> > > > >> > > > >> <access method="send*" roles="amq,test-role"/> > > > >> <access method="*" roles="amq"/> > > > >> > > > >> </match> > > > >> > > > >> > > > >> > > > >> Also I've mentioned that when I configure JMX exporter as javaagent > > (which > > > >requires java option -Dcom.sun.management.jmxremote=true), all ACLs on > > > >mbeans have no effect. Any operations for all users are available > > regardless of > > > >configured management ACLs. Anyway I plan to get rid of the JMX > > exporter. > > > >> > > > >> > > > >> > > > >> Both problems are reproduced in versions 2.50.0 - 2.52.0 and not > > reproduced in > > > >previous versions. > > > >> > > > >> I'll later try to configure the same management ACLs using > > security-settings in > > > >broker.xml. > > > >> > > > >> > > > >> > > > >> -- > > > >> > > > >> Regards, > > > >> > > > >> Alexander > > > > > > > > > > > > > > > >-- > > > >Clebert Suconic > > > > > > > > -- > > Clebert Suconic > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
