Carl Trieloff wrote:
Martin Ritchie wrote:
2008/9/17 Carl Trieloff <[EMAIL PROTECTED]>:
http://cwiki.apache.org/qpid/acl.html
I am going to replace bind/unbind with create/delete in ACL file
format.
Mail to serve as FYI notification as they are equivalent.
Carl.
Hi Carl,
Just catching up on all my emails after a nice long break :)
Are you also going to add a new object for bindings so you
'create/delete binding'? Can you give us an example of a before and
after ACL entry?
Also noticed your update to the ACL page:
[EMAIL PROTECTED]
Is the '@QPID' some namespace definition? Currently the Java broker
takes the username token to be the value provided by the client
connection. IIRC you can't have an @ in the AMQP username.
Cheers
Martin
Martin,
I have not made that change yet as I was debating it a bit. But the
idea would be to add an object called a binding. In thinking it
through it is not entirely functionally equivalent so I backed out of
the change.
Having the operations on exchange means that you can generically lock
down an exchange and not have to apply ACL to all the binding objects.
So unless I can figure the above use case I think it is better to
leave it as it is.
On the @ identifier, that is [EMAIL PROTECTED] /realm. So yes it is
the Userid as supplied when using SASL with the domain not stripped.
(for Cyrus)
You say you can't have an @, is that in the spec? If so that is a bug
in the spec. It is needed for Kerberos or any domained security model.
Carl.
One added option is to assume default domain if no domain is specified...
Carl.