qpid-users mailing list archives

From Cajus Pollmeier <ca...@naasa.net>
Subject ACL exploration
Date Mon, 05 Sep 2011 09:28:22 GMT
Hi all,

I'm currently stumbling with creating proper ACLs for my needs - maybe 
there's someone who can throw some light on it :-)

Let there be an eventing mechanism using the built-in XML exchange. 
It's used as "foo.bar". Messages sent there have the routing key 
"event". After some tries (looks like nested groups don't work like 
shown in the documentation and the keywords allow-log/deny-log do not 
work) I ended up with this non-working definition:

group event-publisher test@QPID
group event-consumer test@QPID

acl allow event-publisher all queue name=foo.bar
acl allow event-publisher all exchange name=foo.bar
acl allow event-publisher publish exchange name=foo.bar 

acl allow event-consumer all queue name=event-listener-* exclusive=true
acl allow event-consumer consume exchange name=foo.bar routingkey=event 

Something with the "*" is not working like I was hoping. Does it only 
extend the dot-separated notation? qpidd claims:

2011-09-05 11:25:24 debug ACL: name 
'event-listener-19ebd276-1ad7-4637-87bb-4fbd8fb56ddb' didn't match with 
name 'foo.bar' given in the rule
2011-09-05 11:25:24 debug No successful match, defaulting to the 
decision mode deny

The consumer uses this address definition in python:

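         from uuid import uuid4

         # xquery (the XQuery filter string) is defined elsewhere
         domain = 'foo.bar'
         queue = 'event-listener-%s' % uuid4()
         # Bind the per-consumer queue to the XML exchange with key "event"
         address = """%s; {
             create: always,
             delete: always,
             link: {
                 x-bindings: [{
                     exchange: '%s',
                     queue: %s,
                     key: event,
                     arguments: { xquery: %r }
                 }]
             }
         }""" % (queue, domain, queue, xquery)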

What would be the recommended way to do this?


Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
