After granting permission, the EMS server does not try to recreate a routed topic consumer.
Article ID: KB0092441
Updated On:
| Products | Versions |
|---|---|
| TIBCO Enterprise Message Service | - |
| Not Applicable | - |
Description
Description:
After granting permission, the EMS server does not try to recreate a routed topic consumer.
Symptoms:
Steps to reproduce this issue:
1). Setup two EMS server (active-active) with routing and authorization enabled (EMS-SERVER and EMS-SERVER2). Use the EMS sample config files: tibemsdroute-1.conf and tibemsdroute-2.conf
2). create user: tester on both EMS servers. run following tibemsadmin script against EMS-SERVER server:
Createtopic1.script
====
delete topic globalT
create topic globalT global,secure
grant topic globalT user=tester publish,subscribe,durable grant topic globalT user=EMS-SERVER2 publish, subscribe,durable ====
Run the following tibemsadmin script against: EMS-SERVER2 server:
Createtopic2.script
===
delete topic globalT
create topic globalT global,secure
grant topic globalT user=tester publish,subscribe,durable grant topic globalT user=EMS-SERVER publish, subscribe,durable ====
java tibjmsTopicSubscriber -server tcp://localhost:7022 -topic globalT -user tester1
You will see the server log reported following:
============
2013-05-01 10:55:24.312 [EMS-SERVER2@lwang-T430]: Created durable nolocal consumer '$sys.route.EMS-SERVER2:globalT' (connid=2, sessid=2, consid=47) on topic 'globalT'
2013-05-01 10:55:24.327 Adding routed topic consumer for '$sys.route.EMS-SERVER2:globalT'
=============
4). Run Createtopic1.script against the EMS-SERVER server to delete and recreate the topic: globalT The server log shows:
===========
2013-05-01 10:56:10.377 [admin@lwang-T430]: deleted topic 'globalT'
2013-05-01 10:56:10.424 [EMS-SERVER2@lwang-T430]: Destroyed consumer (connid=2, sessid=2, consid=47) on topic 'globalT'
2013-05-01 10:56:10.424 [EMS-SERVER2@lwang-T430]: create subscriber failed: durable access denied for topic [globalT].
2013-05-01 10:56:10.424 Authorization exception creating routed topic consumer for '$sys.route.EMS-SERVER2:globalT'
2013-05-01 10:56:10.424 [admin@lwang-T430]: created topic 'globalT': secure,global
2013-05-01 10:56:10.424 Route configuration: Adding topic 'globalT' for server EMS-SERVER2
2013-05-01 10:56:10.424 Route configuration: Sending 1 topics to server EMS-SERVER2 at tcp://localhost:7022 - destination created
2013-05-01 10:56:10.424 [admin@lwang-T430]: granted user 'tester1' permissions on topic 'globalT': subscribe,publish,durable
2013-05-01 10:56:10.424 [admin@lwang-T430]: granted user 'EMS-SERVER2' permissions on topic 'globalT': subscribe,publish,durable
2013-05-01 10:56:10.455 [admin@lwang-T430]: Destroyed producer (connid=7, sessid=7, prodid=5) into queue '$sys.admin'
2013-05-01 10:56:10.455 [admin@lwang-T430]: Destroyed consumer (connid=7, sessid=7, consid=48) on queue '$TMP$.EMS-SERVER.40EC518154CD7.1'
2013-05-01 10:56:10.455 [admin@lwang-T430]: Disconnected, connection id=7, reason: connection closed (iothr.c:207) ============
The EMS server tries to create the routed topic consumer for '$sys.route.EMS-SERVER2:globalT' when issuing the "create topic globalT global,secure" command, but it fails since the permission is not yet granted. After granting the correct permission, the EMS server does not try to recreate the routed topic consumer. If you modify any property of this topic with addprop or removeprop, this will trigger the EMS server to recreate the routed topic consumer so that messages can be routed over. This only happens if you set secure for the global topic. A non-secure global topic will not get an authorization exception when creating a routed topic consumer if issuing a create topic command.
Cause:
N/A
After granting permission, the EMS server does not try to recreate a routed topic consumer.
Symptoms:
Steps to reproduce this issue:
1). Setup two EMS server (active-active) with routing and authorization enabled (EMS-SERVER and EMS-SERVER2). Use the EMS sample config files: tibemsdroute-1.conf and tibemsdroute-2.conf
2). create user: tester on both EMS servers. run following tibemsadmin script against EMS-SERVER server:
Createtopic1.script
====
delete topic globalT
create topic globalT global,secure
grant topic globalT user=tester publish,subscribe,durable grant topic globalT user=EMS-SERVER2 publish, subscribe,durable ====
Run the following tibemsadmin script against: EMS-SERVER2 server:
Createtopic2.script
===
delete topic globalT
create topic globalT global,secure
grant topic globalT user=tester publish,subscribe,durable grant topic globalT user=EMS-SERVER publish, subscribe,durable ====
3). Start a normal topic consumer or durable subscriber to connect to EMS-SERVER2 for the topic: globalT.
java tibjmsTopicSubscriber -server tcp://localhost:7022 -topic globalT -user tester1
You will see the server log reported following:
============
2013-05-01 10:55:24.312 [EMS-SERVER2@lwang-T430]: Created durable nolocal consumer '$sys.route.EMS-SERVER2:globalT' (connid=2, sessid=2, consid=47) on topic 'globalT'
2013-05-01 10:55:24.327 Adding routed topic consumer for '$sys.route.EMS-SERVER2:globalT'
=============
4). Run Createtopic1.script against the EMS-SERVER server to delete and recreate the topic: globalT The server log shows:
===========
2013-05-01 10:56:10.377 [admin@lwang-T430]: deleted topic 'globalT'
2013-05-01 10:56:10.424 [EMS-SERVER2@lwang-T430]: Destroyed consumer (connid=2, sessid=2, consid=47) on topic 'globalT'
2013-05-01 10:56:10.424 [EMS-SERVER2@lwang-T430]: create subscriber failed: durable access denied for topic [globalT].
2013-05-01 10:56:10.424 Authorization exception creating routed topic consumer for '$sys.route.EMS-SERVER2:globalT'
2013-05-01 10:56:10.424 [admin@lwang-T430]: created topic 'globalT': secure,global
2013-05-01 10:56:10.424 Route configuration: Adding topic 'globalT' for server EMS-SERVER2
2013-05-01 10:56:10.424 Route configuration: Sending 1 topics to server EMS-SERVER2 at tcp://localhost:7022 - destination created
2013-05-01 10:56:10.424 [admin@lwang-T430]: granted user 'tester1' permissions on topic 'globalT': subscribe,publish,durable
2013-05-01 10:56:10.424 [admin@lwang-T430]: granted user 'EMS-SERVER2' permissions on topic 'globalT': subscribe,publish,durable
2013-05-01 10:56:10.455 [admin@lwang-T430]: Destroyed producer (connid=7, sessid=7, prodid=5) into queue '$sys.admin'
2013-05-01 10:56:10.455 [admin@lwang-T430]: Destroyed consumer (connid=7, sessid=7, consid=48) on queue '$TMP$.EMS-SERVER.40EC518154CD7.1'
2013-05-01 10:56:10.455 [admin@lwang-T430]: Disconnected, connection id=7, reason: connection closed (iothr.c:207) ============
The EMS server tries to create the routed topic consumer for '$sys.route.EMS-SERVER2:globalT' when issuing the "create topic globalT global,secure" command, but it fails since the permission is not yet granted. After granting the correct permission, the EMS server does not try to recreate the routed topic consumer. If you modify any property of this topic with addprop or removeprop, this will trigger the EMS server to recreate the routed topic consumer so that messages can be routed over. This only happens if you set secure for the global topic. A non-secure global topic will not get an authorization exception when creating a routed topic consumer if issuing a create topic command.
Cause:
N/A
Issue/Introduction
After granting permission, the EMS server does not try to recreate a routed topic consumer.
Resolution
You can use the following workaround to resolve this issue.
1). Creating the topic without the "global" property.
2). Grant the permissions as needed.
3). Add the "global" property to the topic
Note: There is no simple solution for a fix other than using this workaround.
Feedback
Yes
No
Powered by
