qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chuck Rolke <cro...@redhat.com>
Subject Re: Dispatch access control policy - what is the idea behind applicationName?
Date Mon, 09 May 2016 17:33:49 GMT

----- Original Message -----
> From: "Jakub Scholz" <jakub@scholz.cz>
> To: users@qpid.apache.org
> Sent: Monday, May 9, 2016 11:57:10 AM
> Subject: Dispatch access control policy - what is the idea behind applicationName?
> After spending some time playing with the access control policies in
> Disptach, I'm wondering what is the idea behind the applicationName field.
> First I though that it is just a name for the policy ruleset wich I can
> choose as I want. But it seems to be connected to the hostname field in the
> OPEN frame. Unfortunately, it looks like different clients put different
> information into the hostname. E.g. the qpid-send / qpid-receive tools from
> the Qpid C++ broker installation don't set the hostname at all. The qdstat
> utility from dispatch seems to set it to the hostname it is connecting to.
> But it looks like the applicationName doesn't support wildcards. As a
> result, I need several different rulesets instead of having just one
> ruleset.
> Could someone explain to me how is it supposed to work? I din't found much
> about it in the documentation.

There is some explanation in qpid-dispatch/doc/notes/qdr-policy-01.pdf

An informal to-do list is in qdr-policy-todo.md. That includes your suggestion
of differentiating unauthorized-access from resource-limit-exceeded errors.
The to-do list was my working checklist while policy was still on a private
branch and every addition didn't need a jira. Today your suggestions should
go in as jiras so they don't get lost.

Regards and thanks,

> Thanks & Regards
> Jakub

To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org

View raw message