Pivotal Knowledge Base

Follow

Cannot publish message to RabbitMQ OnDemand Broker with error: "access to vhost '%2F' refused for user"

Environment

RabbitMQ for Pivotal Cloud Foundry: 1.8.0 - 1.8.7

Symptom

The customer is using the RabbitMQ OnDemand Broker and their application uses a URI containing string "%2F" for vhost. The following error is seen trying to publish a message to the Broker.

Error Message:

Application log reports:

=ERROR REPORT==== 2-May-2017::16:45:02 ===
Error on AMQP connection <0.15436.8> (10.236.180.38:54452 -> 10.236.181.21:5672, user: '9e47ac33-d9bb-4565-ba14-d5832544ff76', state: opening):
access to vhost '%2F' refused for user '9e47ac33-d9bb-4565-ba14-d5832544ff76'
=INFO REPORT==== 2-May-2017::16:45:02 ===
closing AMQP connection <0.15436.8> (10.236.180.38:54452 -> 10.236.181.21:5672)

Cause

This error is caused when the client spring-cloud-connectors library is not decoding the path component of the URI. This means that the client thinks the vhost is %2F instead of the value /. 

This formatting worked previously when using standard RabbitMQ service but is broken on the OnDemand Broker introduced in 1.8.x. If your applications are coded to use "%2F" in URI then they will encounter this error when using the OnDemand Broker.

You can also refer to the appendix examples of URI's for more details. 

Resolution

The workaround to this issue is to hardcode the vhost to "/" for amqp config in the application code rather than using "%2F" (See "Additional Information" below).

The code fix for this issue is available in the 1.8.8 release of RabbitMQ for PCF. This fix implements generating vhost names that do not have to go through a URI encode/decode filter.

Additionally, there will be a fix in a future version of Spring, such that spring-cloud-connectors properly decode the "%2F" string.

Additional Information 

This issue is referenced in RabbitMQ release notes

  • spring-boot client libraries cannot bind to dedicated instance services

Example of working URI

    “uri”: “amqp://72615876-b607-433f-a3d1-dde63ed1eb89:ndgouaetp8gmeubt9p68eoo76f@10.236.180.62:5672/d086c4c1-fe80-48fb-8439-f7298980f2a4",

Example of problematic URI

“port”: 5672,
“ssl”: false,
“uri”: “amqp://9e47ac33-d9bb-4565-ba14-d5832544ff76:DMi7ofNFfv1ymyI3WVapngT@10.236.181.21/%2F”,

Comments

Powered by Zendesk