(403) - Publish ACL Denied

Team, I am using Solace JMS Spring Boot Starter for sending a message to a topic and getting the following error(403) - Publish ACL Denied

solace.jms.host=tcps://hostname:30969
solace.jms.msgVpn=integration
solace.jms.clientUsername=username
solace.jms.clientPassword=password
spring.main.allow-bean-definition-overriding=true
@PostConstruct
    private void customizeJmsTemplate() {
        // Update the jmsTemplate's connection factory to cache the connection
        CachingConnectionFactory ccf = new CachingConnectionFactory();
        ccf.setTargetConnectionFactory(jmsTemplate.getConnectionFactory());
        jmsTemplate.setConnectionFactory(ccf);

        // By default Spring Integration uses Queues, but if you set this to true you
        // will send to a PubSub+ topic destination
        jmsTemplate.setPubSubDomain(false);
    }


    @Scheduled(fixedRate = 5000)
    public void sendEvent() throws Exception {
        String msg = "Hello World " + System.currentTimeMillis();
        System.out.println("==========SENDING MESSAGE========== " + msg);
        jmsTemplate.convertAndSend("myTopic", msg);
    }

Please suggest me what is the issue here?

Tagged:

Comments

  • arih
    arih Member, Employee Posts: 125 Solace Employee

    hi @bsudabathula ,

    Your username is likely having an ACL profile that does not allow you to publish to "myTopic" - you should check the ACL profile of your client username using CLI or web manager.

    Refer to documentation here as well: https://docs.solace.com/Overviews/ACL-Overview.htm

  • bsudabathula
    bsudabathula Member Posts: 11

    I tried to publish a message using solace java dependency to the same topic and it is working with out any issues. But when i start using the SpringBoot JMS it is throwing an Publish ACL denied. I don't think this is an issue with the User ACL Profile.

    By the way this code is working , but we want to move to JMS Client.

    public void publish(String textMessage) throws JCSMPException {
            final JCSMPSession session = solaceFactory.createSession();
            session.connect();
            XMLMessageProducer prod = session.getMessageProducer(new JCSMPStreamingPublishEventHandler() {
                @Override
                public void responseReceived(String messageID) {
                    logger.info("Producer received response for msg: " + messageID);
                }
    
                @Override
                public void handleError(String messageID, JCSMPException e, long timestamp) {
                    logger.info("Producer received error for msg: %s@%s - %s%n", messageID, timestamp, e);
                }
            });
            Topic topic = JCSMPFactory.onlyInstance().createTopic("myTopic");
            XMLContentMessage msg = JCSMPFactory.onlyInstance().createMessage(XMLContentMessage.class);
            msg.setDeliveryMode(DeliveryMode.PERSISTENT);
            msg.setXMLContent(textMessage);
            prod.send(msg, topic);
            session.closeSession();
        }
    
    

    Please let me know where it is failing.

  • bsudabathula
    bsudabathula Member Posts: 11

    I don't think this is an issue with the ACL Profile why because I am able to publish to the same Topic using Solace Java Client Library.

    `public void publish(String textMessage) throws JCSMPException {
    final JCSMPSession session = solaceFactory.createSession();
    session.connect();
    XMLMessageProducer prod = session.getMessageProducer(new JCSMPStreamingPublishEventHandler() {
    @Override
    public void responseReceived(String messageID) {
    logger.info("Producer received response for msg: " + messageID);
    }

            @Override
            public void handleError(String messageID, JCSMPException e, long timestamp) {
                logger.info("Producer received error for msg: %s@%s - %s%n", messageID, timestamp, e);
            }
        });
        Topic topic = JCSMPFactory.onlyInstance().createTopic(createachtopic);
        XMLContentMessage msg = JCSMPFactory.onlyInstance().createMessage(XMLContentMessage.class);
        msg.setDeliveryMode(DeliveryMode.PERSISTENT);
        msg.setXMLContent(textMessage);
        prod.send(msg, topic);
        session.closeSession();
    }`
    
  • bsudabathula
    bsudabathula Member Posts: 11

    @arih Do you have any idea what i missing in this scenario?

  • Aaron
    Aaron Member, Administrator, Moderator, Employee Posts: 634 admin

    @bsudabathula Ok, that is definitely weird. Are you for sure using the same host, and Message VPN, and username? ACL profiles are tied to usernames, and are VPN specific, so (I hope) both of your tests are using the same login information.

    As far as I know, you should never see an ACL publish exception unless the ACL profile associated with the username is specifically configured as such.

    Please go into the PubSub+ Manager (host:8080), click on the VPN name --> Access Control --> ACL Profiles --> choose yours --> Publish Topic, and screenshot it please.

    Or, if you have access to CLI:

    show client-username <blah> detail
        (look for the ACL profile used by your username)
    show acl-profile <blah-acl> detail
    

    Also, if you have access to CLI, can you show me:

    show log acl publish-topic
    

    After you get the error in your client app.

    Thanks!

  • bsudabathula
    bsudabathula Member Posts: 11

    Here is the screenshot attached for your reference.
    @Aaron

  • arih
    arih Member, Employee Posts: 125 Solace Employee

    Hi @bsudabathula

    It seems your JMS code is trying to publish to a Queue

    // By default Spring Integration uses Queues, but if you set this to true you
            // will send to a PubSub+ topic destination
            jmsTemplate.setPubSubDomain(false);
    

    So if you're trying to send to "**myQueue**" then somewhere in the publish exception list (because the default is Disallow) you should have an entry of "**#P2P/QUE/myTopic**". Could you double check that too?

    thanks,
    Ari

  • bsudabathula
    bsudabathula Member Posts: 11
    edited September 2021 #9

    @arih

    I have changed the flag value to true, even though i am getting the same error.

    `@PostConstruct
    private void customizeJmsTemplate() {
    // Update the jmsTemplate's connection factory to cache the connection
    CachingConnectionFactory ccf = new CachingConnectionFactory();
    ccf.setTargetConnectionFactory(jmsTemplate.getConnectionFactory());
    jmsTemplate.setConnectionFactory(ccf);

        // By default Spring Integration uses Queues, but if you set this to true you
        // will send to a PubSub+ topic destination
        jmsTemplate.setPubSubDomain(true);
    }
    
    
    @Scheduled(fixedRate = 60000)
    public void sendEvent() throws Exception {
        String msg = "Hello World " + System.currentTimeMillis();
        System.out.println("==========SENDING MESSAGE========== " + msg);
        jmsTemplate.convertAndSend("T/tab/Singelton/Sender", msg);
    }
    
    
    
    
    
    @JmsListener(destination = "Q/tab/Multithreading/Receiver", concurrency = "3-10" )
    public void handle(Message message) {
    
        counter = counter+1;
        Date receiveTime = new Date();
        System.out.println(
                "Consumer Process started at Received at " + new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS").format(receiveTime));
        if (message instanceof TextMessage) {
            TextMessage tm = (TextMessage) message;
            try {
    
                tm.getText();
                tm.acknowledge();
                System.out.println(Thread.currentThread().getId());
                System.out.println("Processed ----" + counter + " so far" );
    
            } catch (JMSException e) {
                e.printStackTrace();
            }
        } else {
            System.out.println(message.toString());
        }
    }
    

    `


    Error
    {"app":"createachtransaction","@timestamp":"2021-09-09T16:24:39.136-07:00","logger":"com.solacesystems.jcsmp.impl.JCSMPXMLMessageProducer","level":"INFO","class":"com.solacesystems.jcsmp.impl.JCSMPXMLMessageProducer","method":"getAndProcessResponse","file":"JCSMPXMLMessageProducer.java","line":1432,"thread":"Context_3_ReactorThread","msg":"Error Response (403) - Publish ACL Denied - Topic 'T/tab/Singelton/Sender'"}

  • arih
    arih Member, Employee Posts: 125 Solace Employee

    Hi @bsudabathula

    the error is telling us that the ACL profile of the user that you use to publish is not allowed to publish to topic 'T/tab/Singelton/Sender'

    The difference between Queue and Topic is only the additional "#P2P/QUEUE/" prefix when you want to use Queue.

    So, I think first we need to confirm:

    • the username
    • the ACL profile of that username (by looking into the user details)
    • the publish permission for that ACL profile has 'T/tab/Singelton/Sender' in the exception list

    if possible, it might help to create a brand new username and a dedicated ACL profile so you can start with all allowed first, then disallow with exceptions as needed.

  • bsudabathula
    bsudabathula Member Posts: 11
    edited September 2021 #11

    I have added my topic to the ExceptionList and the issue is resolved.

    I think that the issue is in your ACL, I see that the default behavior is to “Disallow” publish, so that means you have to add an Exception to allow your client to send messages to the desired topic “T/tab/Singelton/Sender”. To do this follow the steps:

    1. Go to Access Control on the left side menu.
    2. Go to the ACL Profiles Tab
    3. Go to JavaPublishConsumeACL and click on it.
    4. Go to Publish Topic Tab.
    5. Click on the “+ Exception” button.
    6. Type the topic you want to publish in the text box T/tab/Singelton/Sender
    7. Click on Apply.
    8. You are done, test again and you should have Publish Permissions.
  • arih
    arih Member, Employee Posts: 125 Solace Employee

    Good to hear it is resolved!

    Yeah, that’s how it’s done, for new ACL profile it’s totally locked down and we open up as needed.