Hi, I'm using qpid C++ 0.34 with SSL authentication.
I have a mixture of durable and temporary queues and am trying to limit the access with ACL. All users have access to a single exchange for sending message but only some users have permission to read from one or more queues connected to that exchange. Also each program creates its own temporary queue (session_.createReceiver("#");) that should be used only as a reply queue but since it is a randomly generated UUID and expected messages have a certain reference id it's probably secured enough even if send permissions are not limited (if I understand correctly creator of temporary queue is the only one that is able to receive from it). With ACL list I use: acl allow send@QPID access exchange acl allow send@QPID access queue ... and everything works fine but is not very restrictive but if I try to limit access based on name: acl allow send@QPID access exchange name="send" acl allow send@QPID access queue name="receive" ... replying to temporary queues no longer works due to access permissions not being satisfied. Prefixing queue with a constant string and generating uuid manually for the rest of the name works fine with: acl allow send@QPID access exchange name="send" acl allow send@QPID access queue name="tmp.*" ... but this requires manual generation of queue names even though I don't need to know them outside the application since they are intended as direct reply queues only - address is provided in the message that triggers a reply. How can I represent temporary queues in ACL? Is it OK to use temporary queues as reply queues that exist as long as the owning application is running? Can you somehow limit access permissions so that temporary queue can only be accessed by the application that is replying to a received message? Thanks, Domen --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org For additional commands, e-mail: users-h...@qpid.apache.org