Hi,
to anyone who may also want to encode metadata to ZAP replies (to be
later used--for instance--for authorization purposes) -- Arnaud's
suggestion works great.
(The idea is for the ZAP handler to write authorization data into
metadata field which is later available on every message coming from the
authenticated client in the form of a message property.)
I have a follow up question that is more ZAP related: besides the fields
defined in ZRFC27, is there any other client data I can access? Like the
port to which the client connected or the type of client's socket?
My ZAP handler authenticates several sockets and I'd like to have
separate logic in my ZAP handler depending on the socket type. (I'm
asking about the port number, because I can infer the socket type from it.)
Best,
David
On 29. 04. 2016 23:25, Arnaud Kapp wrote:
Hello David,
> I sense, this part has to be addressed in libzmq and not in zmqpp,
but I’m not sure where.
In theory libzmq supports your use case. You'd have to write your own
ZAP handler manualy and return your metada as part of the ZAP reply (as
specified in ZRFC27)
You cannot use zmqpp::auth for this, it's not flexible enough.
> However, I see no way for accessing the additional parts of the ZAP
reply on my server.
Your "listofactions" metadata property would be available on any
messages from the matching client.
To retrieve a metadata/property from a message with zmqpp you can use:
msg.get_property("pname", out);
I know this works for the "Identity" property. Unless libzmq doesn't
implement it for generic properties, it should work.
Let us know how you fare.
On Fri, Apr 29, 2016 at 3:39 PM, David Jelenc
<[email protected] <mailto:[email protected]>> wrote:
According to http://rfc.zeromq.org/spec:27, the ZAP reply contains
several fields, including the metadata filed that can be used to
store additional data regarding the authenticating clients.
I’d like to use this filed to store some authorization data: the
idea is that, using ZAP, my server queries an AAA server that either
accepts or rejects the the connecting client. If the client is
accepted, the AAA also provides a list of actions the accepted
client is allowed to perform. I’d like to store this actions in the
metadata field of the ZAP reply.
I’m using zmqpp C++ bindings, where the metadata is currently
hardcoded to be empty
(https://github.com/zeromq/zmqpp/blob/develop/src/zmqpp/zap_request.cpp#L83).
However, this is easily addressed.
My main concern is now on the server side: where and how do I
process this metadata?
The API is such that if the ZAP reply contains status code 200 and a
OK message, the client is allowed to connect. However, I see no way
for accessing the additional parts of the ZAP reply on my server.
I sense, this part has to be addressed in libzmq and not in zmqpp,
but I’m not sure where.
Any help would be greatly appreciated.
Best,
David
_______________________________________________
zeromq-dev mailing list
[email protected] <mailto:[email protected]>
http://lists.zeromq.org/mailman/listinfo/zeromq-dev
--
Kapp Arnaud - Xaqq
_______________________________________________
zeromq-dev mailing list
[email protected]
http://lists.zeromq.org/mailman/listinfo/zeromq-dev
_______________________________________________
zeromq-dev mailing list
[email protected]
http://lists.zeromq.org/mailman/listinfo/zeromq-dev
