You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by Danushka Menikkumbura <da...@gmail.com> on 2010/08/08 15:12:21 UTC
Qpid SecurityPlugin "access" and "authorise"
Hi devs,
I do not have a clear idea why there are two methods in SecurityPlugin to
handle authorization. IMO we should be able to manage with just one method.
Probably I am missing something here. Someone please shed some light on
this.
Thanks,
Danushka
Re: Qpid SecurityPlugin "access" and "authorise"
Posted by Andrew Kennedy <an...@gmail.com>.
Yes,
The original reason was because of the way the Firewall plugin worked,
since it needed a SocketAddress object to work with. On reflection a
single authorise method is better, however it would mean more complex
address processing logic for that callback, and passing the address as
a string, if it is possible to obtain it (since an in-vm broker will
not have a source IP address) and I am also not sure how the method
would handle IPV6 addresses at the moment...
Andrew.
--
-- andrew d kennedy ? edinburgh : +44 7941 197 134
On 8 August 2010 17:10, Robbie Gemmell <ro...@gmail.com> wrote:
> Hi Danushka,
>
> I believe that came about due to the completely different interpretation of
> 'access' behaviour between the v1 'Simple XML' and v2 ACL formats. It may be
> possible that the relevant sections could be modified to allow combining the
> two methods, Andrew Kennedy is the person best able to talk about that
> though.
>
> Robbie
>
>> -----Original Message-----
>> From: Danushka Menikkumbura [mailto:danushka.menikkumbura@gmail.com]
>> Sent: 08 August 2010 14:12
>> To: dev@qpid.apache.org
>> Subject: Qpid SecurityPlugin "access" and "authorise"
>>
>> Hi devs,
>>
>> I do not have a clear idea why there are two methods in SecurityPlugin
>> to
>> handle authorization. IMO we should be able to manage with just one
>> method.
>> Probably I am missing something here. Someone please shed some light on
>> this.
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org
RE: Qpid SecurityPlugin "access" and "authorise"
Posted by Robbie Gemmell <ro...@gmail.com>.
Hi Danushka,
I believe that came about due to the completely different interpretation of
'access' behaviour between the v1 'Simple XML' and v2 ACL formats. It may be
possible that the relevant sections could be modified to allow combining the
two methods, Andrew Kennedy is the person best able to talk about that
though.
Robbie
> -----Original Message-----
> From: Danushka Menikkumbura [mailto:danushka.menikkumbura@gmail.com]
> Sent: 08 August 2010 14:12
> To: dev@qpid.apache.org
> Subject: Qpid SecurityPlugin "access" and "authorise"
>
> Hi devs,
>
> I do not have a clear idea why there are two methods in SecurityPlugin
> to
> handle authorization. IMO we should be able to manage with just one
> method.
> Probably I am missing something here. Someone please shed some light on
> this.
>
> Thanks,
> Danushka
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org