qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chuck Rolke <cro...@redhat.com>
Subject Re: Why does QPID create the exchange amq.direct?
Date Wed, 22 Aug 2012 15:11:26 GMT
Yes the docs need more work.

In the {bind, unbind, access} exchange case the routing key in the Acl rule is matched with
a simple wildcard.
In the {publish} exchange case it is matched with the simple wildcard (pre 0.20) or with topic
exchange matching (0.20 and later).

On further reflection in answering this question I believe that the topic exchange matching
should be applied to all the cases. If a user is permitted in an Acl rule to bind to an exchange
with routingkey=news.# then at run time he should be able to bind to news.this, news.that,
news, or news.northamerica.usa

Could you open a Jira for this issue and assign it to me?

-Chuck


----- Original Message -----
> From: "Jakub Scholz" <jakub@scholz.cz>
> To: users@qpid.apache.org
> Sent: Wednesday, August 22, 2012 10:20:54 AM
> Subject: Re: Why does QPID create the exchange amq.direct?
> 
> I think there are some misleading bugs in the docu ...
> 
> The Qpid 0.16 docu, in chapter 1.5.2.3. uses as example:
> acl allow guest@QPID bind exchange name=amq.topic
> routingkey=stocks.rht.#
> 
> (The same is also in MRG-M 2.1 docu chapter 11.2.3.)
> 
> Also the cwiki page you linked to seems to contain following example:
> acl allow guest@QPID bind exchange name=amq.topic
> routingkey=stocks.ibm.#  owner=self
> 
> Regards
> Jakub
> 
> On Wed, Aug 22, 2012 at 4:11 PM, Chuck Rolke <crolke@redhat.com>
> wrote:
> > A description of the C++ Broker (0.16) is in
> > https://cwiki.apache.org/qpid/acl.html
> > There is a table enumerating which Object/Action/Property
> > combinations are valid.
> >
> > In 0.14 through 0.18 the only wildcard allowed in an Acl rule is a
> > trailing '*'
> > when specifying a property. For example you can have
> >
> > acl allow all create queue name=T1.*
> >
> > A new feature that will be in 0.20 (it just missed 0.18) will be
> > the
> > specification of routing keys in topic exchange routing key format.
> > The same
> > syntax used at run-time is supported in the Acl specification of
> > routing keys:
> >
> > acl allow-log uMixed1@COMPANY publish exchange name=X
> > routingkey=*.x.#.y
> >
> > For 0.18 and earlier routing keys is Acl files may only have a
> > trailing '*'.
> >
> > See source tree qpid/cpp/src/tests/acl.py for a bunch of acl
> > example specifications.
> >
> > -Chuck
> >
> >
> > ----- Original Message -----
> >> From: "holger" <holger.caesar@credit-suisse.com>
> >> To: users@qpid.apache.org
> >> Sent: Wednesday, August 22, 2012 8:29:17 AM
> >> Subject: Re: Why does QPID create the exchange amq.direct?
> >>
> >> One more thing: Now I setup the inverse, a test for topics "T.1.1"
> >> to
> >> "T.4.4"
> >> where I try to figure out the minimum settings. To my amusement I
> >> now
> >> also
> >> require the permission to create a queue. If I allow all queues,
> >> it
> >> works.
> >> If I try to limit it to the actual queue, it doesn't.
> >> I tried adding "name=T.#", "routingkey=T.#", "queuename=T.#". No
> >> results.
> >>
> >> Can you tell me, why this queue is needed and what its name
> >> actually
> >> is?
> >>
> >> I think it would be very useful for the users if the User Guide
> >> also
> >> mentioned for which keyword (such as queue) you can use which
> >> attribute
> >> (such as passive). Many users probably don't know whether they are
> >> binding/creating/consuming a queue or an exchange..
> >>
> >> Regards,
> >> Holger
> >>
> >>
> >>
> >> --
> >> View this message in context:
> >> http://qpid.2158936.n2.nabble.com/Why-does-QPID-create-the-exchange-amq-direct-tp7581190p7581197.html
> >> Sent from the Apache Qpid users mailing list archive at
> >> Nabble.com.
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> >> For additional commands, e-mail: users-help@qpid.apache.org
> >>
> >>
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> > For additional commands, e-mail: users-help@qpid.apache.org
> >
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> For additional commands, e-mail: users-help@qpid.apache.org
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org


Mime
View raw message