From issues-return-28998-archive-asf-public=cust-asf.ponee.io@activemq.apache.org  Thu May 31 10:38:06 2018
Return-Path: <issues-return-28998-archive-asf-public=cust-asf.ponee.io@activemq.apache.org>
X-Original-To: archive-asf-public@cust-asf.ponee.io
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by mx-eu-01.ponee.io (Postfix) with SMTP id D2C50180632
	for <archive-asf-public@cust-asf.ponee.io>; Thu, 31 May 2018 10:38:05 +0200 (CEST)
Received: (qmail 46676 invoked by uid 500); 31 May 2018 08:38:04 -0000
Mailing-List: contact issues-help@activemq.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:issues-help@activemq.apache.org>
List-Unsubscribe: <mailto:issues-unsubscribe@activemq.apache.org>
List-Post: <mailto:issues@activemq.apache.org>
List-Id: <issues.activemq.apache.org>
Reply-To: dev@activemq.apache.org
Delivered-To: mailing list issues@activemq.apache.org
Received: (qmail 46667 invoked by uid 99); 31 May 2018 08:38:04 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 31 May 2018 08:38:04 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 21A5EC0100
	for <issues@activemq.apache.org>; Thu, 31 May 2018 08:38:04 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: -109.501
X-Spam-Level:
X-Spam-Status: No, score=-109.501 tagged_above=-999 required=6.31
	tests=[ENV_AND_HDR_SPF_MATCH=-0.5, KAM_ASCII_DIVIDERS=0.8,
	RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, USER_IN_DEF_SPF_WL=-7.5,
	USER_IN_WHITELIST=-100] autolearn=disabled
Received: from mx1-lw-us.apache.org ([10.40.0.8])
	by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024)
	with ESMTP id 3ewimycfIUgb for <issues@activemq.apache.org>;
	Thu, 31 May 2018 08:38:02 +0000 (UTC)
Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139])
	by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id B55DD5F3E3
	for <issues@activemq.apache.org>; Thu, 31 May 2018 08:38:01 +0000 (UTC)
Received: from jira-lw-us.apache.org (unknown [207.244.88.139])
	by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id D1577E0239
	for <issues@activemq.apache.org>; Thu, 31 May 2018 08:38:00 +0000 (UTC)
Received: from jira-lw-us.apache.org (localhost [127.0.0.1])
	by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 4396D20EAB
	for <issues@activemq.apache.org>; Thu, 31 May 2018 08:38:00 +0000 (UTC)
Date: Thu, 31 May 2018 08:38:00 +0000 (UTC)
From: "ASF GitHub Bot (JIRA)" <jira@apache.org>
To: issues@activemq.apache.org
Message-ID: <JIRA.13162234.1527345381000.71830.1527755880213@Atlassian.JIRA>
In-Reply-To: <JIRA.13162234.1527345381000@Atlassian.JIRA>
References: <JIRA.13162234.1527345381000@Atlassian.JIRA> <JIRA.13162234.1527345381351@jira-lw-us.apache.org>
Subject: [jira] [Commented] (ARTEMIS-1890) # any-word wildcard doesn't match
 zero words if not used at the end of a wildcard expression
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


    [ https://issues.apache.org/jira/browse/ARTEMIS-1890?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16496267#comment-16496267 ] 

ASF GitHub Bot commented on ARTEMIS-1890:
-----------------------------------------

Github user jostbg commented on the issue:

    https://github.com/apache/activemq-artemis/pull/2113
  
    @clebertsuconic We are using Artemis as a fast event/message bus for AMQP communication between (micro-)services developed and operated by different organizational units.
    Each service has it's own LDAP managed login credentials. We allow all services with LDAP Ids below certain organizational units (base DNs) to access the broker.
    Thus we do not manually grant access to the broker on a per-service/per-application basis.
    
    The functional requirement we are faced with is that a service shall be able to send multicast messages while maintaining control over which other services are able to read those messages.
    Since there is no finite set of services that are accessing the broker and services shall be able to specify adressees on a per-message base we cannot work with pre-configured ACL-secured addresses/queues. 
    
    In ActiveMQ 5.x we could maybe setup something involving a `MessageAuthorizationPolicy.isAllowedToConsume` but this feature is [not yet available](https://issues.apache.org/jira/browse/ARTEMIS-1884) in Artemis.
    
    So we came up with a system that involves topic based wildcard routing, auto-created addresses/queues and a custom Artemis plugin that performs ACLs checks on address/queue access.
    
    It works as follows: 
    A service is allowed to send multicast messages to other services by publishing to addresses following the naming convention `topics.<someTopicName>.for.<serviceId1>.<serviceId2>...` where `serviceId1`, `serviceId2` etc are the LDAP authenticated usernames of the services that are allowed to read the message. 
    Each service that can access the broker has the right to subscribe to addresses following the naming convention `topics.<someTopicName>.for.#.<myAuthenticatedUsername>.#` to receive messages addressed to it where `myAuthenticatedUsername` is it's own LDAP id.
    
    This means, if a `serviceA` wants to send information about a newly created contract to `serviceB` and `serviceC` it publishes a message to the address `topics.contracts.for.serviceB.serviceC`. `serviceB` subscribes to `topics.contracts.for.#.serviceB.#` to receive all contracts related messages addressed to it. If `serviceB` then wants to send invoice information to `serviceA` and `serviceB` it would publishes a message to `topics.invoices.for.serviceA.serviceC`.
    
    The only missing piece for us atm is that `#` must always be interpreted as `zero-or-more` words as stated in the documentation otherwise services will not be able to receive messages in all cases.
    
    For performance/resources reasons and simplicity of scaling/operations/maintenance we do not want to introduce another more sophisticated external routing component like camel as the setup I described fulfills our requirements.



> # any-word wildcard doesn't match zero words if not used at the end of a wildcard expression
> --------------------------------------------------------------------------------------------
>
>                 Key: ARTEMIS-1890
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-1890
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 2.6.0
>            Reporter: Johan Stenberg
>            Priority: Major
>         Attachments: Artemis1890_AnyWordWildCard_Test.java
>
>
> [https://activemq.apache.org/artemis/docs/latest/wildcard-syntax.html] states that the {{#}} wildcard character means _"match any sequence of *zero* or more words"_. This however is only true if the wild card is the last character in a wildcard expression. If any word comes after the wildcard character then the actual behavior is _"match any sequence of *one* or more words"_
> This means, the pattern {{topics.#.FOO}} matches {{topics.abc.FOO}} but not {{topics.FOO}}
> I am attaching a test case.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)