You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by Robbie Gemmell <ro...@gmail.com> on 2015/10/02 11:23:14 UTC

Re: Review Request 38863: Add toggle to control sasl layer to proton.reactor.Container


> On Sept. 30, 2015, 10:25 a.m., Justin Ross wrote:
> > I know sasl_layer is what qpid jms is using, but I think sasl_enabled is better name.  It's what I would hunt for if I wanted to turn sasl on or off.  sasl_layer is not self evidently an on/off attribute; it looks like something that could take other values; this is some user uncertainty we can avoid.
> 
> Gordon Sim wrote:
>     I would have chosen sasl_enabled as well. I guess its a question of how you weight consistency versus prefered name. I think if the documentation is updated to include clear mention of these options (note to self!) it mitigates disadvantages either way.

I wouldnt worry too much about consistency, since the JMS client isnt strictly using either of these values, and given how rarely I see using such an option actually being necessary at all I'm not sure it really matters what it is called in the end :)

I picked "layer" over "enabled" for some not particularly important reasons, but I can see the latter might be clearer in some cases (such as in a dynamically typed language).


- Robbie


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38863/#review101104
-----------------------------------------------------------


On Sept. 29, 2015, 9:56 p.m., Gordon Sim wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/38863/
> -----------------------------------------------------------
> 
> (Updated Sept. 29, 2015, 9:56 p.m.)
> 
> 
> Review request for qpid, Justin Ross and Ted Ross.
> 
> 
> Bugs: PROTON-1008
>     https://issues.apache.org/jira/browse/PROTON-1008
> 
> 
> Repository: qpid-proton-git
> 
> 
> Description
> -------
> 
> There is no direct and easy way to control whether a sasl layer is used or not that works for all cases. Prior to the 0.10 release, specifying a username was the trigger to enable sasl. However for EXTERNAL or GSSAPI that doesn't work as well. This patch proposes adding an explicit toggle to either enable or disable the use of sasl. It is enabled by default (ANONYMOUS is then a simple way of avoiding actual authentication if not needed), but can be disabled at the container- or connection- level.
> 
> For consistency I've also allowec connection level overrding of the allowed_mechs and allow_insecure_mechs options.
> 
> 
> Diffs
> -----
> 
>   proton-c/bindings/python/proton/reactor.py 8de5d89 
> 
> Diff: https://reviews.apache.org/r/38863/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Gordon Sim
> 
>