Trying to connect consumer to the pre-defined queue, getting error as Permission mismatch.

Hi,

I am trying to connect pre-defined queue named GMMO.UCTRADE.DSLT01 it has ALL OTHER POERMISSIONS: No Access(0000) .

When i try to consume frm the queue , application throws below error :
org.springframework.cloud.stream.provisioning.ProvisioningException: Failed to provision durable queue GMMO.UCTRADE.DSLT01; nested exception is com.solacesystems.jcsmp.PropertyMismatchException: Permission mismatch. (ALL_OTHERS_PERMISSIONS mismatch, expected=0)

Caused by: com.solacesystems.jcsmp.PropertyMismatchException: Permission mismatch. (ALL_OTHERS_PERMISSIONS mismatch, expected=0)

I am sharing the property file and pom.xml ::

spring:
cloud:
stream:
function:
definition: functionUsingTargetDestHeader
bindings:
functionUsingTargetDestHeader-in-0:
destination: GMMO.UCTRADE.DSLT01
group: SINK
functionUsingTargetDestHeader-out-0:
destination: default
binders:
local-solace:
type: solace
environment:
solace:
java:
host: hostName
msgVpn: vpnName
clientUsername: clientName
clientPassword: pwd
solace:
bindings:
functionUsingTargetDestHeader-in-0:
consumer:
provisionDurableQueue: true
queueNamePrefix: ""
useFamiliarityInQueueName: false
useDestinationEncodingInQueueName: false
useGroupNameInQueueName: false

pom.xml : :----

<?xml version="1.0" encoding="UTF-8"?>

4.0.0

org.springframework.boot
spring-boot-starter-parent
2.5.3


com.poc
consumer
0.0.3-SNAPSHOT
consumer
Demo project for Spring Boot

<java.version>1.8</java.version>
<spring-cloud.version>2020.0.4</spring-cloud.version>
<solace-spring-cloud-bom.version>2.1.0</solace-spring-cloud-bom.version>




org.springframework.cloud
spring-cloud-dependencies
${spring-cloud.version}
pom
import


com.solace.spring.cloud
solace-spring-cloud-bom
2.1.0
pom


<dependencies>
    <dependency>
      <groupId>com.solace.spring.cloud</groupId>
      <artifactId>spring-cloud-starter-stream-solace</artifactId>
      <version>3.1.0</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
        <exclusions>
            <!-- Excluding logback dependencies to use l4j2 -->
            <exclusion>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-logging</artifactId>
            </exclusion>
        </exclusions>
    </dependency>
    <dependency>
        <groupId>com.github.ulisesbocchio</groupId>
        <artifactId>jasypt-spring-boot-starter</artifactId>
        <version>2.1.1</version>
    </dependency>
    <dependency>
        <groupId>org.projectlombok</groupId>
        <artifactId>lombok</artifactId>
    </dependency>       
</dependencies>
<build>
    <plugins>
        <plugin>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-maven-plugin</artifactId>
        </plugin>
    </plugins>
</build>

Answers

  • nram
    nram Member, Employee Posts: 78 Solace Employee

    Hi @Monica Gavali , Whats the Queue owner and whats the client-user you are trying to connect to?

    As the error suggests, you are attempting to connect to as non-owner and the the queue is not provisioned to allow that. You have two options.
    1. Find out the queue owner and connect as that client-user.
    2. Change the other permissions on the queue to "Consume"

  • Monica Gavali
    Monica Gavali Member Posts: 17

    Hi @nram

    I tried 2nd solution ie Change the other permissions on the queue to "Consume"
    My observation for Consume permission is - Once we give consume permission to the queue and connected from application, application is able to read the messages from queue .... but later if we restart the application, then after restart application throwa same error
    logs -

    2021-10-04 16:55:33.085 WARN 22236 --- [ main] c.s.s.c.s.b.p.SolaceQueueProvisioner : Failed to provision durable queue GMMO.UCTRADE.DSLT01

    com.solacesystems.jcsmp.PropertyMismatchException: Permission mismatch. (ALL_OTHERS_PERMISSIONS mismatch, expected=0)

  • nram
    nram Member, Employee Posts: 78 Solace Employee

    Thats strange .. Do you see the other-permission on the queue reset to 0000 after your application connects?

  • amackenzie
    amackenzie Member, Employee Posts: 112 Solace Employee

    How did you set the queue permissions? Manager? CLI?

  • Monica Gavali
    Monica Gavali Member Posts: 17

    Below way i am using to set permissions to from SolaceAdmin UI .

    on solace Admin , shut down queue then -> right click on queue (GMMO.UCTRADE.DSLT01) -> Edit Queue -> select permission for ALL OTHER PERMISSIONS -> click on OK
    then start the queue by right click->Change Admin status ->Enable

  • Monica Gavali
    Monica Gavali Member Posts: 17

    @marc - could you help in above issue

  • nram
    nram Member, Employee Posts: 78 Solace Employee

    @Monica Gavali can you check the queue permissions (Queue|Settings) between two runs of your application?

  • marc
    marc Member, Administrator, Moderator, Employee Posts: 584 admin
    edited October 4 #9

    @Monica Gavali
    Definitely interesting that it works the first time and fails the second time. If this is a pre-existing queue I would also try to set provisionDurableQueue to false and see if that helps. When that is set to true the solace cloud stream binder might be trying to do some provisioning which doesn't fall under the consume permissions. Besides if it's pre-existing there is no need to provision it :)

  • Monica Gavali
    Monica Gavali Member Posts: 17

    @nram - yes, i checked queue permissions between two run . it didn't change same as CONSUME

  • Monica Gavali
    Monica Gavali Member Posts: 17

    @marc -
    Tried provisionDurableQueue **to false** below is observation :-

    CASE I : provisionDurableQueue : false and queue ALL OTHER PERMISSIONS : No permission(default permission)

    Got below error on applictaion start -
    2021-10-05 11:02:25.542 INFO 2104 --- [ main] c.s.s.c.s.b.p.SolaceQueueProvisioner : Durable queue provisioning is disabled, GMMO.UCTRADE.DSLT01 will not be provisioned nor will its configuration be validated
    2021-10-05 11:02:25.543 INFO 2104 --- [ main] c.s.s.c.s.b.p.SolaceQueueProvisioner : Testing consumer flow connection to queue GMMO.UCTRADE.DSLT01 (will not start it)
    2021-10-05 11:02:25.744 ERROR 2104 --- [ main] o.s.cloud.stream.binding.BindingService : Failed to create consumer binding; retrying in 30 seconds

    org.springframework.cloud.stream.binder.BinderException: Exception thrown while starting consumer:
    at org.springframework.cloud.stream.binder.AbstractMessageChannelBinder.doBindConsumer(AbstractMessageChannelBinder.java:462) ~[spring-cloud-stream-3.1.4.jar:3.1.4]
    Caused by: com.solacesystems.jcsmp.AccessDeniedException: Permission Not Allowed

    CASE II : provisionDurableQueue: false and queue ALL OTHER PERMISSIONS : consume

    1. on first run application reads msg from queue
    2. after application restart throwing exception as -

    org.springframework.cloud.stream.binder.BinderException: Exception thrown while starting consumer:
    at org.springframework.cloud.stream.binder.AbstractMessageChannelBinder.doBindConsumer(AbstractMessageChannelBinder.java:462) ~[spring-cloud-stream-3.1.4.jar:3.1.4]

    Caused by: com.solacesystems.jcsmp.AccessDeniedException: Permission Not Allowed - Queue 'GMMO.UCTRADE.DSLT01' - Topic 'GMMO.UCTRADE.DSLT01'
    at com.solacesystems.jcsmp.impl.SessionModeSupportClient.performSmpReq(SessionModeSupportClient.java:278) ~[sol-jcsmp-10.10.0.jar:na]

  • Monica Gavali
    Monica Gavali Member Posts: 17

    application.yml

    spring:
    cloud:
    stream:
    function:
    definition: functionUsingTargetDestHeader
    bindings:
    functionUsingTargetDestHeader-in-0:
    destination: GMMO.UCTRADE.DSLT01
    group: SINK
    functionUsingTargetDestHeader-out-0:
    destination: default
    binders:
    local-solace:
    type: solace
    environment:
    solace:
    java:
    host: host01
    msgVpn: msgVpn01
    clientUsername: clientUsername01
    clientPassword: clientPassword01
    solace:
    bindings:
    functionUsingTargetDestHeader-in-0:
    consumer:
    provisionDurableQueue: false
    queueNamePrefix: ""
    useFamiliarityInQueueName: false
    useDestinationEncodingInQueueName: false
    useGroupNameInQueueName: false
    server:
    port: 8082

  • Monica Gavali
    Monica Gavali Member Posts: 17

    <?xml version="1.0" encoding="UTF-8"?>

    4.0.0

    org.springframework.boot
    spring-boot-starter-parent
    2.5.5


    com.poc
    consumer
    0.0.3-SNAPSHOT
    consumer
    Demo project for Spring Boot

    <java.version>1.8</java.version>
    <spring-cloud.version>2020.0.4</spring-cloud.version>
    <solace-spring-cloud-bom.version>2.1.0</solace-spring-cloud-bom.version>




    org.springframework.cloud
    spring-cloud-dependencies
    ${spring-cloud.version}
    pom
    import


    com.solace.spring.cloud
    solace-spring-cloud-bom
    2.1.0
    pom


    <dependencies>
        <dependency>
          <groupId>com.solace.spring.cloud</groupId>
          <artifactId>spring-cloud-starter-stream-solace</artifactId>
          <version>3.1.0</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
        </dependency>       
    </dependencies>
    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>
    

  • marc
    marc Member, Administrator, Moderator, Employee Posts: 584 admin

    Hi @Monica Gavali,

    This is the config that I believe you want

    CASE II : provisionDurableQueue: false and queue ALL OTHER PERMISSIONS : consume

    I'm not sure why the permissions seem to be changing. It shouldn't matter how many times you start/stop the app. Does your organization happen to have Solace support? If so I think it would best if you open a support ticket as they'll be quicker to get back with you and can spend more time troubleshooting in detail.

    Also as a heads up you can include all your code snippets with in between triple tics ``` that will make them easier to read :)