Hey David, Glad to have confirmation that this works :)
Regarding your follow-up question, I do not know. I can however offer a potential workaround. I don't like it very much tho. We know that the ZAP handler bind on "inproc://". Inproc is context specific. This means that if you have 2 different zeroMQ contexts, you can have 2 different handlers. You could then group up socket by type in a context, and have different handler for the 2 contexts. Now, I said I don't like that very much. I don't know the impact (on performance) of having multiple context. I would guess it's negligible though. Depending on how your code works, it may be annoying for you to keep reference to 2 (or more) contexts. I do think that a patch to libzmq improving the behavior and exposing more informations has a good chance to be accepted. On Sun, May 8, 2016 at 10:50 PM, David Jelenc <[email protected]> wrote: > Hi, > > to anyone who may also want to encode metadata to ZAP replies (to be later > used--for instance--for authorization purposes) -- Arnaud's suggestion > works great. > > (The idea is for the ZAP handler to write authorization data into metadata > field which is later available on every message coming from the > authenticated client in the form of a message property.) > > I have a follow up question that is more ZAP related: besides the fields > defined in ZRFC27, is there any other client data I can access? Like the > port to which the client connected or the type of client's socket? > > My ZAP handler authenticates several sockets and I'd like to have separate > logic in my ZAP handler depending on the socket type. (I'm asking about the > port number, because I can infer the socket type from it.) > > Best, > David > > On 29. 04. 2016 23:25, Arnaud Kapp wrote: > >> Hello David, >> >> > I sense, this part has to be addressed in libzmq and not in zmqpp, >> but I’m not sure where. >> >> In theory libzmq supports your use case. You'd have to write your own >> ZAP handler manualy and return your metada as part of the ZAP reply (as >> specified in ZRFC27) >> You cannot use zmqpp::auth for this, it's not flexible enough. >> >> > However, I see no way for accessing the additional parts of the ZAP >> reply on my server. >> >> Your "listofactions" metadata property would be available on any >> messages from the matching client. >> To retrieve a metadata/property from a message with zmqpp you can use: >> msg.get_property("pname", out); >> >> I know this works for the "Identity" property. Unless libzmq doesn't >> implement it for generic properties, it should work. >> Let us know how you fare. >> >> On Fri, Apr 29, 2016 at 3:39 PM, David Jelenc >> <[email protected] <mailto:[email protected]>> wrote: >> >> According to http://rfc.zeromq.org/spec:27, the ZAP reply contains >> several fields, including the metadata filed that can be used to >> store additional data regarding the authenticating clients. >> >> I’d like to use this filed to store some authorization data: the >> idea is that, using ZAP, my server queries an AAA server that either >> accepts or rejects the the connecting client. If the client is >> accepted, the AAA also provides a list of actions the accepted >> client is allowed to perform. I’d like to store this actions in the >> metadata field of the ZAP reply. >> >> I’m using zmqpp C++ bindings, where the metadata is currently >> hardcoded to be empty >> ( >> https://github.com/zeromq/zmqpp/blob/develop/src/zmqpp/zap_request.cpp#L83 >> ). >> However, this is easily addressed. >> >> My main concern is now on the server side: where and how do I >> process this metadata? >> >> The API is such that if the ZAP reply contains status code 200 and a >> OK message, the client is allowed to connect. However, I see no way >> for accessing the additional parts of the ZAP reply on my server. >> >> I sense, this part has to be addressed in libzmq and not in zmqpp, >> but I’m not sure where. >> >> Any help would be greatly appreciated. >> >> Best, >> David >> _______________________________________________ >> zeromq-dev mailing list >> [email protected] <mailto:[email protected]> >> http://lists.zeromq.org/mailman/listinfo/zeromq-dev >> >> >> >> >> -- >> Kapp Arnaud - Xaqq >> >> >> _______________________________________________ >> zeromq-dev mailing list >> [email protected] >> http://lists.zeromq.org/mailman/listinfo/zeromq-dev >> >> _______________________________________________ > zeromq-dev mailing list > [email protected] > http://lists.zeromq.org/mailman/listinfo/zeromq-dev > -- Kapp Arnaud - Xaqq
_______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
