(403) - Publish ACL Denied
Team, I am using Solace JMS Spring Boot Starter for sending a message to a topic and getting the following error(403) - Publish ACL Denied
solace.jms.host=tcps://hostname:30969 solace.jms.msgVpn=integration solace.jms.clientUsername=username solace.jms.clientPassword=password spring.main.allow-bean-definition-overriding=true
@PostConstruct
private void customizeJmsTemplate() {
// Update the jmsTemplate's connection factory to cache the connection
CachingConnectionFactory ccf = new CachingConnectionFactory();
ccf.setTargetConnectionFactory(jmsTemplate.getConnectionFactory());
jmsTemplate.setConnectionFactory(ccf);
// By default Spring Integration uses Queues, but if you set this to true you
// will send to a PubSub+ topic destination
jmsTemplate.setPubSubDomain(false);
}
@Scheduled(fixedRate = 5000)
public void sendEvent() throws Exception {
String msg = "Hello World " + System.currentTimeMillis();
System.out.println("==========SENDING MESSAGE========== " + msg);
jmsTemplate.convertAndSend("myTopic", msg);
}
Please suggest me what is the issue here?
Comments
-
hi @bsudabathula ,
Your username is likely having an ACL profile that does not allow you to publish to "myTopic" - you should check the ACL profile of your client username using CLI or web manager.
Refer to documentation here as well: https://docs.solace.com/Overviews/ACL-Overview.htm
2 -
I tried to publish a message using solace java dependency to the same topic and it is working with out any issues. But when i start using the SpringBoot JMS it is throwing an Publish ACL denied. I don't think this is an issue with the User ACL Profile.
By the way this code is working , but we want to move to JMS Client.
public void publish(String textMessage) throws JCSMPException { final JCSMPSession session = solaceFactory.createSession(); session.connect(); XMLMessageProducer prod = session.getMessageProducer(new JCSMPStreamingPublishEventHandler() { @Override public void responseReceived(String messageID) { logger.info("Producer received response for msg: " + messageID); } @Override public void handleError(String messageID, JCSMPException e, long timestamp) { logger.info("Producer received error for msg: %s@%s - %s%n", messageID, timestamp, e); } }); Topic topic = JCSMPFactory.onlyInstance().createTopic("myTopic"); XMLContentMessage msg = JCSMPFactory.onlyInstance().createMessage(XMLContentMessage.class); msg.setDeliveryMode(DeliveryMode.PERSISTENT); msg.setXMLContent(textMessage); prod.send(msg, topic); session.closeSession(); }Please let me know where it is failing.
0 -
I don't think this is an issue with the ACL Profile why because I am able to publish to the same Topic using Solace Java Client Library.
`public void publish(String textMessage) throws JCSMPException {
final JCSMPSession session = solaceFactory.createSession();
session.connect();
XMLMessageProducer prod = session.getMessageProducer(new JCSMPStreamingPublishEventHandler() {
@Override
public void responseReceived(String messageID) {
logger.info("Producer received response for msg: " + messageID);
}@Override public void handleError(String messageID, JCSMPException e, long timestamp) { logger.info("Producer received error for msg: %s@%s - %s%n", messageID, timestamp, e); } }); Topic topic = JCSMPFactory.onlyInstance().createTopic(createachtopic); XMLContentMessage msg = JCSMPFactory.onlyInstance().createMessage(XMLContentMessage.class); msg.setDeliveryMode(DeliveryMode.PERSISTENT); msg.setXMLContent(textMessage); prod.send(msg, topic); session.closeSession(); }`0 -
@arih Do you have any idea what i missing in this scenario?
0 -
@bsudabathula Ok, that is definitely weird. Are you for sure using the same host, and Message VPN, and username? ACL profiles are tied to usernames, and are VPN specific, so (I hope) both of your tests are using the same login information.
As far as I know, you should never see an ACL publish exception unless the ACL profile associated with the username is specifically configured as such.
Please go into the PubSub+ Manager (host:8080), click on the VPN name --> Access Control --> ACL Profiles --> choose yours --> Publish Topic, and screenshot it please.
Or, if you have access to CLI:
show client-username <blah> detail (look for the ACL profile used by your username) show acl-profile <blah-acl> detailAlso, if you have access to CLI, can you show me:
show log acl publish-topic
After you get the error in your client app.
Thanks!
0 -
Here is the screenshot attached for your reference.
@Aaron0 -
It seems your JMS code is trying to publish to a Queue
// By default Spring Integration uses Queues, but if you set this to true you // will send to a PubSub+ topic destination jmsTemplate.setPubSubDomain(false);So if you're trying to send to "
**myQueue**" then somewhere in the publish exception list (because the default is Disallow) you should have an entry of "**#P2P/QUE/myTopic**". Could you double check that too?thanks,
Ari0 -
I have changed the flag value to true, even though i am getting the same error.
`@PostConstruct
private void customizeJmsTemplate() {
// Update the jmsTemplate's connection factory to cache the connection
CachingConnectionFactory ccf = new CachingConnectionFactory();
ccf.setTargetConnectionFactory(jmsTemplate.getConnectionFactory());
jmsTemplate.setConnectionFactory(ccf);// By default Spring Integration uses Queues, but if you set this to true you // will send to a PubSub+ topic destination jmsTemplate.setPubSubDomain(true); } @Scheduled(fixedRate = 60000) public void sendEvent() throws Exception { String msg = "Hello World " + System.currentTimeMillis(); System.out.println("==========SENDING MESSAGE========== " + msg); jmsTemplate.convertAndSend("T/tab/Singelton/Sender", msg); } @JmsListener(destination = "Q/tab/Multithreading/Receiver", concurrency = "3-10" ) public void handle(Message message) { counter = counter+1; Date receiveTime = new Date(); System.out.println( "Consumer Process started at Received at " + new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS").format(receiveTime)); if (message instanceof TextMessage) { TextMessage tm = (TextMessage) message; try { tm.getText(); tm.acknowledge(); System.out.println(Thread.currentThread().getId()); System.out.println("Processed ----" + counter + " so far" ); } catch (JMSException e) { e.printStackTrace(); } } else { System.out.println(message.toString()); } }`
Error
{"app":"createachtransaction","@timestamp":"2021-09-09T16:24:39.136-07:00","logger":"com.solacesystems.jcsmp.impl.JCSMPXMLMessageProducer","level":"INFO","class":"com.solacesystems.jcsmp.impl.JCSMPXMLMessageProducer","method":"getAndProcessResponse","file":"JCSMPXMLMessageProducer.java","line":1432,"thread":"Context_3_ReactorThread","msg":"Error Response (403) - Publish ACL Denied - Topic 'T/tab/Singelton/Sender'"}0 -
the error is telling us that the ACL profile of the user that you use to publish is not allowed to publish to topic 'T/tab/Singelton/Sender'
The difference between Queue and Topic is only the additional "#P2P/QUEUE/" prefix when you want to use Queue.
So, I think first we need to confirm:
- the username
- the ACL profile of that username (by looking into the user details)
- the publish permission for that ACL profile has 'T/tab/Singelton/Sender' in the exception list
if possible, it might help to create a brand new username and a dedicated ACL profile so you can start with all allowed first, then disallow with exceptions as needed.
1 -
I have added my topic to the ExceptionList and the issue is resolved.
I think that the issue is in your ACL, I see that the default behavior is to “Disallow” publish, so that means you have to add an Exception to allow your client to send messages to the desired topic “T/tab/Singelton/Sender”. To do this follow the steps:
- Go to Access Control on the left side menu.
- Go to the ACL Profiles Tab
- Go to JavaPublishConsumeACL and click on it.
- Go to Publish Topic Tab.
- Click on the “+ Exception” button.
- Type the topic you want to publish in the text box T/tab/Singelton/Sender
- Click on Apply.
- You are done, test again and you should have Publish Permissions.
0
