Issue subscribing durable queue to topic

ruplim

Hello
We are using Spring Cloud Stream solace binder to connect to Solace. We are facing an issue when durable queues subscribe to topic.

Case 1:
When the application is creating the queue we are not facing any issue. The durable queue gets subscribed to the topic and is able to consume message successfully.

Case 2:
When the durable queue is not created by app (created by Solace Admin), we are seeing below error during application startup.
Caused by: com.solacesystems.jcsmp.AccessDeniedException: Permission Not Allowed - Queue 'XXXXX' - Topic 'YYYY'

We need help on the type of permission to be granted to resolve the access issue.

Thanks

SasikumarSP

Hi Ruplim,
It's recommended to add the topic subscription manually when queues are created through soladmin. The wildcard topic string can also be added to the queue. Then the consumer can directly bind the queue without creating from API code.

In case if you need the topic subscription to be added from API code then, you may need to understand the difference between "owner" and "All other Permission" props in the queue.

• Owner: Assign the client-username which will be used by consumer application. The client who binds the queue through that username will have full permission. It can add or remove topic subscriptions to queue.

• All other Permission: As the name says, you can define the permission level for all other client-usernames apart from the owner. Any client connects through another username will have that permission. I recommend to have "no-access" if the owner is assigned for the queue otherwise, you can have "consume" or "modify" permission.

In your use-case, assign the consumer client-username as owner with "all other permission" as no-access and try to bind the queue.

SasikumarSP

Hi Ruplim,
It's recommended to add the topic subscription manually when queues are created through soladmin. The wildcard topic string can also be added to the queue. Then the consumer can directly bind the queue without creating from API code.

In case if you need the topic subscription to be added from API code then, you may need to understand the difference between "owner" and "All other Permission" props in the queue.

• Owner: Assign the client-username which will be used by consumer application. The client who binds the queue through that username will have full permission. It can add or remove topic subscriptions to queue.

• All other Permission: As the name says, you can define the permission level for all other client-usernames apart from the owner. Any client connects through another username will have that permission. I recommend to have "no-access" if the owner is assigned for the queue otherwise, you can have "consume" or "modify" permission.

In your use-case, assign the consumer client-username as owner with "all other permission" as no-access and try to bind the queue.

marc

Hi ruplim,
Please see Andrew's response here: https://solace.community/discussion/94/spring-cloud-stream-and-solace-bindings
At this time the SCS binder will always attempt to create the queue & add the topic subscriptions.

-Marc

marc

Hi @ruplim ,
I just wanted to update you and anyone that finds this thread that the latest version of the Solace Spring Cloud Stream Binder now allows for you to disable queue provisioning so you can use it with pre-provisioned queues.

There are three new properties that you can set to false to disable provisioning. You can find more info here.
The properties are:
1. provisionDurableQueue
2. provisionSubscriptionsToDurableQueue
3. provisionDmq

Happy Streaming!

akg17

It's recommended to add the topic subscription manually when queues are created through soladmin

how do we do this ?

I am able to subscribe to the queue without group name but why not with group name i have preprovisioned the queue, set the provisionDurableQueue to false. Permission Not Allowed - Queue 'XXXXX' - Topic 'YYYY'

marc

Hi @akg17,

Try setting provisionSubscriptionsToDurableQueue to false as well.

Ravi

I am also facing same issue, where we need to set these properties, in yaml when setting these properties its giving error. can you provide sample properties/yaml file for below, i am using solace-spring-cloud-bom.version 2.1.0
1. provisionDurableQueue
2. provisionSubscriptionsToDurableQueue
3. provisionDmq
4. provisionSubscriptionsToDurableQueue

marc

Hey @Ravi,

There is an example here that should give you what you need:
https://solace.community/discussion/comment/2704#Comment_2704

Hope that helps!