qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jakub Scholz <ja...@scholz.cz>
Subject Re: Creating a queue and bindings from an address in qpid.messaging / AMQP 1.0
Date Thu, 08 Aug 2013 15:09:21 GMT
Sure, why not. Currently we also don't have any named subscriptions based
on user ID with 0.10 - only named queues and we never had a problem with it.

In the ATTACH command, the client sends only the link name from the
address. Can't we leave the link names as they are right now (i.e.
container-id + link name), but name the queue only by the link name and
leave the container id out of it? The queue names are well protected by
existing ACL rules and every user can easily specify it in the address. The
problem with the uniqueness of the queue name will be left to the user, but
that will be not different from creating the queues from the address in
AMQP 0.10.


PS: I tried to connect twice a client with the same container ID & link
name ... the client gets exception about exclusive queue which already has
an consumer. But what is more important, the broker crashes. I guess I can
enter another JIRA ...

On Thu, Aug 8, 2013 at 4:34 PM, Gordon Sim <gsim@redhat.com> wrote:

> On 08/08/2013 02:07 PM, Jakub Scholz wrote:
>> What about keeping the UUID but prefixing it with any authenticated
>>> userid? That at least means the userid will by default be in the
>>> subscription queue names (and easily deducible from container-id), but by
>>> default will always be unique also.
>>>  That is definitely better than UUID only.
>>>   I'm also wondering whether this isn't also a question of 100 people
>>> having
>>>> 100 opinions - we might have problem finding something what would fit
>>>> everyone.
>>> Indeed. However we are only talking about the default. An explicit scheme
>>> can always be used by setting the connection option. Obviously this
>>> requires clients to adhere to some defined scheme. That seems unavoidable
>>> (but would be nice to be able to use ACL to enforce it perhaps, i.e.
>>> restrict use of particular container id patterns by user?)
>>>  Yes, that would be very nice. In relation to the default container
>> naming
>> as suggested above, without the ACL you can easily "fake" the container
>> name to another user.
> Maybe the container id is the wrong thing to focus on. Maybe I should
> change the naming scheme for the subscriptions queues to be
> userid.container-id.link-name? That way there is no way to fake the
> association to user in the queue name, and from your original mail it
> sounds like that might be the most important part?
> ------------------------------**------------------------------**---------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.**org<users-unsubscribe@qpid.apache.org>
> For additional commands, e-mail: users-help@qpid.apache.org

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message