Hi all Some work here on QPID-3641 has provoked a discussion about the correct way to write ACLV2 rules to permission the default exchange. The ACLV2 documentatuion seems to say nothing on the subject.
As the default exchange is internal to the Broker, effectively acting as a global registry for all queues with binds/unbinds managed within the broker, the user has no reason to write BIND, UNBIND, CREATE or DELETE rules for the internal exchange. However, the user may wish to write PUBLISH rules for default exchange. How are these expressed? Suppose I wanted to stop guest publishing to the default exchange. The following won't work as it violates the BNF for ACLv (and is correctly rejected by both Brokers): ACL DENY guest PUBLISH EXCHANGE name= The best I can think of,within the restrictions of ACLV2 format, it to enumerate all named exchanges allowing, then add a deny all, but this seems very longwinded. ACL ALLOW guest PUBLISH EXCHANGE name=amq.direct ACL ALLOW guest PUBLISH EXCHANGE name=amq.topic .... ACL DENY guest PUBLISH EXCHANGE How is the CPP Broker handling this? I took a look through the CPP tests and couldn't find anything illustrating how this would be done. Thanks in advance, Keith. --------------------------------------------------------------------- Apache Qpid - AMQP Messaging Implementation Project: http://qpid.apache.org Use/Interact: mailto:[email protected]
