Closed dhirajkumar94 closed 3 years ago
@YoEight could you please help
Did you try with the latest version of the client (version 1.0.0
)?
When that exception happens, is it when you create the persistent subscription or when you try to subscribe to it?
I also going to ask questions you didn't answer in a previous issue similar to this one:
When you try to create your persistent subscription, do you see a line in the server log resembling something like this:
Failed authorization check for {identity} in {duration} with {evaluationResult} ?
Did you change the default ACLs in your cluster?
When creating a persistent subscription, the authenticated user needs to also have read access on the target stream.
We're seeing the same issue.
The server logs:
Apr 22 08:52:01 event-store-cqrs bash[13640]: [13640, 9,08:52:01.777,WRN] Failed authorization check for "(anonymous)" in 00:23:07.2419626 with "subscriptions : process p: {streamId : $ce-customer#0} Deny : Policy : Legacy 1 12/31/9999 23:59:59 +00:00 : match:authenticated:Deny, $"
The issue is that we did pass the admin username/password when creating the client.
I tried the same API for the C# client, which works without problems.
Seems like a Java client bug
Ok I actually found the bug.
In the DBClient (non-persistent) there's a step to authenticate the default credential if none is specified in the options:
https://github.com/EventStore/EventStoreDB-Client-Java/blob/f8f86592c485169de1fe3e22b9bde2e2c592193c/db-client-java/src/main/java/com/eventstore/dbclient/EventStoreDBClient.java#L91
That step doesn't exist in the EventStoreDBPersistentSubscriptionsClient
class.
I can fix it with
var options = CreatePersistentSubscriptionOptions.get().settings(settings);
options.authenticated(new UserCredentials("my-user", "my-password"));
But the client should automatically add credentials if it already takes the default credential settings.
I think this was not detected in the unit tests because the unit tests only tested non-secure connections.
@huyhoangepay CreatePersistentSubscriptionOptions doesn't accept PersistentSubscriptionListener as an parameter. I am using SubscribePersistentSubscriptionOptions to create a persistence subscription but getting the error message "UNAVAILABLE: Network closed for unknown reason"
A patch is now available on master.
Thanks @huyhoangepay and @dhirajkumar94 for your investigations!
The patch is available on the latest snapshot version of the client if you are interested: https://github.com/EventStore/EventStoreDB-Client-Java/issues/68#issuecomment-827502978
I will check it out shortly
Hi,
I am trying to create a listener using a persistent subscription client but getting error "PERMISSION_DENIED: Access Denied" even though I am getting stream events using a regular client.
The following code is not working and I am getting "Access Denied":
The following code is working and I can fetch the events:
I am even able to create a persistent subscription by calling eventstore api endpoint:
/subscriptions/{stream}/{subscription_name}
Response
And I can also read a stream via a Persistent Subscription (but only able to see eventType, data is missing):
/subscriptions/{stream}/{subscription}/{count}?embed={embed}
Response:
Full Stacktrace:
I'm using the following dependency: