Hi Arnaud,
many thanks for your response.
If my take on this is correct, I can read the "listofactions" from each
message that is sent by an authenticated client as a metadata property
of that message?
This seems simple enough. I shall let you know what comes of this. :)
Best,
David
On 29. 04. 2016 23:25, Arnaud Kapp wrote:
Hello David,
> I sense, this part has to be addressed in libzmq and not in zmqpp,
but I’m not sure where.
In theory libzmq supports your use case. You'd have to write your own
ZAP handler manualy and return your metada as part of the ZAP reply (as
specified in ZRFC27)
You cannot use zmqpp::auth for this, it's not flexible enough.
> However, I see no way for accessing the additional parts of the ZAP
reply on my server.
Your "listofactions" metadata property would be available on any
messages from the matching client.
To retrieve a metadata/property from a message with zmqpp you can use:
msg.get_property("pname", out);
I know this works for the "Identity" property. Unless libzmq doesn't
implement it for generic properties, it should work.
Let us know how you fare.
On Fri, Apr 29, 2016 at 3:39 PM, David Jelenc
<[email protected] <mailto:[email protected]>> wrote:
According to http://rfc.zeromq.org/spec:27, the ZAP reply contains
several fields, including the metadata filed that can be used to
store additional data regarding the authenticating clients.
I’d like to use this filed to store some authorization data: the
idea is that, using ZAP, my server queries an AAA server that either
accepts or rejects the the connecting client. If the client is
accepted, the AAA also provides a list of actions the accepted
client is allowed to perform. I’d like to store this actions in the
metadata field of the ZAP reply.
I’m using zmqpp C++ bindings, where the metadata is currently
hardcoded to be empty
(https://github.com/zeromq/zmqpp/blob/develop/src/zmqpp/zap_request.cpp#L83).
However, this is easily addressed.
My main concern is now on the server side: where and how do I
process this metadata?
The API is such that if the ZAP reply contains status code 200 and a
OK message, the client is allowed to connect. However, I see no way
for accessing the additional parts of the ZAP reply on my server.
I sense, this part has to be addressed in libzmq and not in zmqpp,
but I’m not sure where.
Any help would be greatly appreciated.
Best,
David
_______________________________________________
zeromq-dev mailing list
[email protected] <mailto:[email protected]>
http://lists.zeromq.org/mailman/listinfo/zeromq-dev
--
Kapp Arnaud - Xaqq
_______________________________________________
zeromq-dev mailing list
[email protected]
http://lists.zeromq.org/mailman/listinfo/zeromq-dev
_______________________________________________
zeromq-dev mailing list
[email protected]
http://lists.zeromq.org/mailman/listinfo/zeromq-dev
