qpid-users mailing list archives

From Jakub Scholz <ja...@scholz.cz>
Subject Re: authentication information within the message
Date Sun, 16 Dec 2012 20:47:59 GMT
Hi Matjaž,

ad Q1) I believe that the message has a property user-id which is assigned
to the message by the client application and verified by the broker when it
receives the message. If the user-id doesn't match the user-id of the
authenticated user (i.e. the sender), the broker will throw an exception
like this:

2012-05-16 11:11:33 error Execution exception: unauthorized-access:
authorised user id : user1@QPID9700 but user id in message declared as
ILADDRESS=jakub@mail.scholz.cz (qpid/broker/SemanticState.cpp:475)

ad Q2) The sender needs just to be able to publish to the exchange. It
doesn't need to be able to have any access rights to the queue where the
message gets routed.

ad Q3) There are some features which add some specific attributes (e.g. the
message sequencing). But you cannot configure the broker to add some custom
attributes.

Regards
Jakub


On Sun, Dec 16, 2012 at 7:08 PM, Matjaž Ostroveršnik <
Matjaz.Ostroversnik@halcom.si> wrote:

> Hi all,
>
> Thank you for the answers to my previous questions.
>
> Q1:
>
> Assume that I have several users supplying messages into one queue (or
> exchange, it does not matter). They all have corresponding ACLs set, so
> that they can do it.
>
> How can I, in a reliable way, know who actually supplied the message? I
> know that users/clients can add an attribute (i.e. sender), but this is not a
> reliable way, since user A can in the message attribute claim that it is
> user B.
>
> Is there a way that the data of the authenticated user is appended by the
> client side infrastructure as an attribute to the message? Something as it
> is provided, if using the https protocol?
>
> Q2:
>
> We have an exchange with queues behind. Assume that we have users which
> are allowed to insert the messages into the exchange. Do I need to define
> ACL for the corresponding queues?
>
> Q3:
>
> Is there a way to add an additional attribute to the message during the
> routing process from the exchange to a proper queue?
>
> Q4:
>
> Is there some feature roadmap for the future releases? (e.g. 0.20, 0.22,
> etc.)
>
> Thanks in advance
>
> Matjaž
>
> dr. Matjaž Ostroveršnik
> Director
> Business Unit Clearing Systems
>
> Halcom d.d.
> Tržaška cesta 118,
> 1000 Ljubljana, Slovenija
> www.halcom.si
>
> Matjaz.Ostroversnik@halcom.si
> T: +386 1 2003352
> F: +386 1 2003356
> M: +386 31 307983
>
> Consider the environment before printing this e-mail.
>
>
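
The check described in the reply to Q1, modelled as an added example (not Qpid's code and not written by either poster). `Message`, `broker_accept` and `trusted_sender` are hypothetical names, and the model assumes that a message declaring no user-id is passed through unchecked, so the consumer has to treat a missing user-id as an unidentified sender.

```python
"""Constructed model of the user-id check; not the broker's implementation."""
from dataclasses import dataclass
from typing import Optional


class UnauthorizedAccess(Exception):
    """Stands in for the broker's unauthorized-access execution exception."""


@dataclass
class Message:
    body: str
    user_id: Optional[str] = None  # set by the sending client, not by the broker


def broker_accept(authenticated_user: str, msg: Message) -> Message:
    """Broker side: reject a message whose declared user-id is not the sender's.

    Assumption: a message that declares no user-id is passed through, because
    the property is assigned by the client and only verified by the broker.
    """
    if msg.user_id and msg.user_id != authenticated_user:
        raise UnauthorizedAccess(
            "authorised user id : %s but user id in message declared as %s"
            % (authenticated_user, msg.user_id))
    return msg


def trusted_sender(msg: Message, allowed: set) -> str:
    """Consumer side: accept only a broker-checked user-id from an allow-list."""
    if not msg.user_id:
        raise ValueError("no user-id on message: sender cannot be identified")
    if msg.user_id not in allowed:
        raise ValueError("sender %s is not expected on this queue" % msg.user_id)
    return msg.user_id


if __name__ == "__main__":
    # Constructed sample: user1 publishes under its own identity.
    ok = broker_accept("user1@QPID9700", Message("payment", "user1@QPID9700"))
    print(trusted_sender(ok, {"user1@QPID9700"}))
```
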
