Hiram,
The Apollo User Manual states that:
If a configuration resource does not have an acl element defined
within it, then the resource allows access if the containing resource
would allow access to the action. If the action is not defined in the
containing resource then it allows anyone to access.
This inheritance rule looks very useful. In practice, it has limitations.
For instance, if I want to have a secured broker where sending and
receiving is denied by default, I could imagine having something like:
<acl>
<send deny="*"/>
<receive deny="*"/>
</acl>
at broker or virtual_host level. This would apply to all types of
destinations (queue, topic and dsub). Then I can allow some
destination explicitly later on.
However, this (currently) does not work because "send" or "receive" is
not allowed at broker or virtual_host level. At least, this is what
the User Manual and the XSD file tell me.
So, to achieve the same thing, I have to add something like:
<queue>
<acl>
<send deny="*"/>
<receive deny="*"/>
</acl>
</queue>
<topic>
<acl>
<send deny="*"/>
<receive deny="*"/>
</acl>
</topic>
<dsub>
<acl>
<send deny="*"/>
<receive deny="*"/>
</acl>
</dsub>
What do you think about extending what can be set at broker and
virtual_host level?
Cheers,
Lionel
