2008/9/24 Carl Trieloff <[EMAIL PROTECTED]>:
> Martin Ritchie wrote:
>>
>> 2008/9/17 Carl Trieloff <[EMAIL PROTECTED]>:
>>
>>>
>>> http://cwiki.apache.org/qpid/acl.html
>>>
>>> I am going to replace bind/unbind with create/delete in ACL file format.
>>>
>>> Mail to serve as FYI notification as they are equivalent.
>>> Carl.
>>>
>>
>> Hi Carl,
>>
>> Just catching up on all my emails after a nice long break :)
>>
>> Are you also going to add a new object for bindings so you
>> 'create/delete binding'? Can you give us an example of a before and
>> after ACL entry?
>>
>> Also noticed your update to the ACL page:
>>
>> [EMAIL PROTECTED]
>>
>> is the '@QPID' some namespace definition? Currently the Java broker
>> takes the username token to be the value provided by the client
>> connection. IIRC you can't have an @ in the AMQP username.
>>
>> Cheers
>>
>> Martin
>>
>>
>>
>
> Martin,
>
> I have not made that change yet as I was debating it a bit. But the idea
> would be to add an object called a binding. In thinking it through it is
> not entirely functionally equivalent so I backed out of the change.
>
> Having the operations on exchange means that you can generically lock down
> an exchange and not have to apply ACL to all the binding objects. So unless
> I can figure out the above use case I think it is better to leave it as it is.
>
> On the @ identifier, that is [EMAIL PROTECTED] /realm. So yes it is the
> Userid as supplied when using SASL with the domain not stripped. (for Cyrus)
>
> You say you can't have an @, is that in the spec? If so that is a bug in the
> spec. It is needed for Kerberos or any domained security model.

My mistake... just says it is a shortstr, thought there was something
else to it. Add in handling for the userid format if you can confirm
this is correct:

userid = username[@<domain>[/<realm>]]
username =
domain =
realm =

Hopefully I'll get some time to finish off the new Java Broker ACL
work. Testing is the hardest part so any suggestions on automating it
would be greatly appreciated.

Cheers

Martin
> Carl.
>
>
>
>



-- 
Martin Ritchie
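
An added example, not part of the thread or the Qpid code base: a Python parser for the userid form proposed above, `username[@<domain>[/<realm>]]`, that also enforces the 255-octet limit of an AMQP shortstr. The thread leaves `username`, `domain` and `realm` undefined, so the rule that no component may be empty or contain `@` or `/` is an assumption, as are the function names and the sample ids used in testing.

```python
from typing import NamedTuple, Optional

SHORTSTR_MAX = 255  # an AMQP shortstr has a one-octet length prefix


class UserId(NamedTuple):
    username: str
    domain: Optional[str]
    realm: Optional[str]


def parse_userid(raw: str) -> UserId:
    """Parse username[@<domain>[/<realm>]]; raise ValueError if malformed."""
    if len(raw.encode("utf-8")) > SHORTSTR_MAX:
        raise ValueError("userid does not fit in an AMQP shortstr")

    username, at, rest = raw.partition("@")
    # Assumption: '/' only has meaning after '@', so a realm needs a domain.
    if not username or "/" in username:
        raise ValueError("missing or malformed username")
    if not at:
        return UserId(username, None, None)

    # Assumption: exactly one '@' separates username from domain.
    if "@" in rest:
        raise ValueError("more than one '@' in userid")
    domain, slash, realm = rest.partition("/")
    if not domain:
        raise ValueError("'@' present but domain is empty")
    if slash and (not realm or "/" in realm):
        raise ValueError("'/' present but realm is empty or malformed")
    return UserId(username, domain, realm if slash else None)


def acl_subject_matches(acl_subject: str, authenticated: str) -> bool:
    """Compare an ACL subject with the authenticated userid, domain intact.

    Nothing is stripped before comparing, so an ACL entry for a domained
    user does not match a bare username and the reverse also holds.
    """
    try:
        return parse_userid(acl_subject) == parse_userid(authenticated)
    except ValueError:
        return False  # a malformed id never matches an ACL entry
```
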
