[
https://issues.apache.org/jira/browse/DISPATCH-8?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15491428#comment-15491428
]
Chuck Rolke commented on DISPATCH-8:
------------------------------------
To enable this feature, a new field is added to the *vhost* policy object.
There's a choice between:
# one setting for all vhosts. The setting is a peer of
'policy.enableVhostPolicy'.
# one setting for each vhost. The setting is a peer of "vhost.allowUnknownUser".
# one setting for each vhost user group. The setting is a peer of
'vhostUserGroupSettings.allowAnonymousSender'. Messages from an 'admin' group
could go unchecked but those from 'user' group could be checked.
I favor Option 2, one setting for each vhost. Option 1 is too coarse and Option
3 would be confusing if some users were checked and others were not.
> Message:user-id must be authenticated on ingress
> ------------------------------------------------
>
> Key: DISPATCH-8
> URL: https://issues.apache.org/jira/browse/DISPATCH-8
> Project: Qpid Dispatch
> Issue Type: Bug
> Affects Versions: 0.1
> Reporter: Ted Ross
> Assignee: Chuck Rolke
> Priority: Critical
> Fix For: 0.7.0
>
>
> When a message is received on an ingress link (i.e. from an originating
> endpoint) and the message has a user-id field in its properties, that user-id
> must be authenticated.
> At first, this means that the user-id must be the same as that which was used
> to authenticate the connection.
> There may be other means of authenticating user-ids in the future, but
> Dispatch must not simply pass them on unchecked.
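The ingress check from the issue description, gated by a per-vhost setting as in Option 2, sketched as an added example that is not Qpid Dispatch code. The names `VhostPolicy`, `check_user_id`, `Connection` and `ingress_user_id_allowed` are hypothetical; rejecting any user-id on an anonymous connection and checking unknown vhosts by default are assumptions of the sketch.

```python
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class VhostPolicy:
    # Hypothetical per-vhost switch (Option 2): one setting for each vhost.
    check_user_id: bool = True


@dataclass
class Connection:
    vhost: str
    # Identity established when the connection was authenticated;
    # None models an anonymous connection (assumption of this sketch).
    auth_user: Optional[str]


def ingress_user_id_allowed(policies: Dict[str, VhostPolicy],
                            conn: Connection,
                            msg_user_id: Optional[bytes]) -> bool:
    """Decide whether a message arriving on an ingress link may be forwarded."""
    # Assumption: a vhost with no policy entry gets the check enabled.
    policy = policies.get(conn.vhost, VhostPolicy())
    if not policy.check_user_id:
        return True               # this vhost opted out: user-id passes unchecked
    if msg_user_id is None:
        return True               # no user-id property, so nothing is asserted
    if conn.auth_user is None:
        return False              # anonymous connection cannot back a user-id
    # AMQP 1.0 carries user-id as binary; compare against the encoded identity.
    return msg_user_id == conn.auth_user.encode("utf-8")


if __name__ == "__main__":
    # Constructed sample data, not taken from a real router configuration.
    policies = {"prod.example": VhostPolicy(check_user_id=True),
                "lab.example": VhostPolicy(check_user_id=False)}
    alice = Connection(vhost="prod.example", auth_user="alice")
    lab = Connection(vhost="lab.example", auth_user="alice")
    for conn, uid in [(alice, b"alice"), (alice, b"admin"),
                      (alice, None), (lab, b"admin")]:
        print(conn.vhost, uid, ingress_user_id_allowed(policies, conn, uid))
```

With the setting held per vhost, every connection to a given vhost is treated the same way, which is the property the comment prefers over a per-group setting.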