You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@qpid.apache.org by Morgan Lindqvist <mo...@ericsson.com> on 2017/03/01 19:13:27 UTC

[qpid c++] ACL for writing to an exchange

Hi All,

I have an issue that I can not get working

Setup:

I have one exchange and three queues connected to it with a filter between
the exchange and each queue.

The issue I have is to get the users write access to the exchange.

acl allow producer access exchange name=nwEx
acl allow producer access queue name=nwEx
acl allow producer publish exchange routingkey=nwEx

This does however not give the users in the "producer" group write access to
the exchange. I have tried looking for documentation but failed. Any
pointers or examples would be very much appreciated.

I do not have the error message available now but it is something like that
the user do not have write access to the queues connected to the exchange.

/Morgan



--
View this message in context: http://qpid.2158936.n2.nabble.com/qpid-c-ACL-for-writing-to-an-exchange-tp7659852.html
Sent from the Apache Qpid users mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org

Re: [qpid c++] ACL for writing to an exchange

Posted by Gordon Sim <gs...@redhat.com>.

On 02/03/17 09:18, Morgan Lindqvist wrote:
> I am using AMQP 1.0, a requirement for the implementation. Can I not use an
> "exchange" and connect it to a queue and write to the exchange and read from
> the queue in this case?

Yes, you can. AMQP 1.0 doesn't cover the binding of the queue to the 
exchange but you can use the brokers management tools or management 
protocol to do that.

However you would be publishing to an explicit, named exchange, and 
would need to specify the name of the exchange in the ACl rule.

> I have big difficulties in identifying which part of quid that is for 1.0
> and which parts are for pre- 1.0

Sorry about that. There are some 1.0 specific notes: 
https://git1-us-west.apache.org/repos/asf/qpid-proton/repo?p=qpid-cpp.git;a=blob;f=docs/amqp-1.0.txt;h=0e811a68f5975b1cbb5c404316b5997ec763a70b;hb=HEAD

Also feel free to ask questions on this list.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org

Re: [qpid c++] ACL for writing to an exchange

Posted by Morgan Lindqvist <mo...@ericsson.com>.

Hi,

I will try getting the logs, but until then.

I am using AMQP 1.0, a requirement for the implementation. Can I not use an
"exchange" and connect it to a queue and write to the exchange and read from
the queue in this case?

I have big difficulties in identifying which part of quid that is for 1.0
and which parts are for pre- 1.0

/Morgan




--
View this message in context: http://qpid.2158936.n2.nabble.com/qpid-c-ACL-for-writing-to-an-exchange-tp7659852p7659880.html
Sent from the Apache Qpid users mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org

Re: [qpid c++] ACL for writing to an exchange

Posted by Chuck Rolke <cr...@redhat.com>.

Without the "name" field the ACL rule applies to "AMQP 1.0 establish sender link to queue" and not to AMQP 0-10 publishing to an exchange.

See the table http://qpid.apache.org/releases/qpid-cpp-1.36.0/cpp-broker/book/chap-Messaging_User_Guide-Security.html#tabl-Messaging_User_Guide-ACL_Syntax-ACL_ActionObject_properties

Section 1.5.2.5 of that document describes auditing your ACL file.


----- Original Message -----
> From: "Jakub Scholz" <ja...@scholz.cz>
> To: users@qpid.apache.org
> Sent: Wednesday, March 1, 2017 2:48:40 PM
> Subject: Re: [qpid c++] ACL for writing to an exchange
> 
> Hi Morgan,
> 
> You might be missing the exchange name. The publish rule should look
> something like this:
> acl allow producer publish exchange name=my_exchange routingkey=myRoutingKey
> 
> But without the logs it is just guessing.
> 
> Jakub
> 
> On Wed, Mar 1, 2017 at 8:13 PM, Morgan Lindqvist <
> morgan.lindqvist@ericsson.com> wrote:
> 
> > Hi All,
> >
> > I have an issue that I can not get working
> >
> > Setup:
> >
> > I have one exchange and three queues connected to it with a filter between
> > the exchange and each queue.
> >
> > The issue I have is to get the users write access to the exchange.
> >
> > acl allow producer access exchange name=nwEx
> > acl allow producer access queue name=nwEx
> > acl allow producer publish exchange routingkey=nwEx
> >
> > This does however not give the users in the "producer" group write access
> > to
> > the exchange. I have tried looking for documentation but failed. Any
> > pointers or examples would be very much appreciated.
> >
> > I do not have the error message available now but it is something like that
> > the user do not have write access to the queues connected to the exchange.
> >
> > /Morgan
> >
> >
> >
> > --
> > View this message in context: http://qpid.2158936.n2.nabble.
> > com/qpid-c-ACL-for-writing-to-an-exchange-tp7659852.html
> > Sent from the Apache Qpid users mailing list archive at Nabble.com.
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> > For additional commands, e-mail: users-help@qpid.apache.org
> >
> >
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org

Re: [qpid c++] ACL for writing to an exchange

Posted by Jakub Scholz <ja...@scholz.cz>.

Hi Morgan,

You might be missing the exchange name. The publish rule should look
something like this:
acl allow producer publish exchange name=my_exchange routingkey=myRoutingKey

But without the logs it is just guessing.

Jakub

On Wed, Mar 1, 2017 at 8:13 PM, Morgan Lindqvist <
morgan.lindqvist@ericsson.com> wrote:

> Hi All,
>
> I have an issue that I can not get working
>
> Setup:
>
> I have one exchange and three queues connected to it with a filter between
> the exchange and each queue.
>
> The issue I have is to get the users write access to the exchange.
>
> acl allow producer access exchange name=nwEx
> acl allow producer access queue name=nwEx
> acl allow producer publish exchange routingkey=nwEx
>
> This does however not give the users in the "producer" group write access
> to
> the exchange. I have tried looking for documentation but failed. Any
> pointers or examples would be very much appreciated.
>
> I do not have the error message available now but it is something like that
> the user do not have write access to the queues connected to the exchange.
>
> /Morgan
>
>
>
> --
> View this message in context: http://qpid.2158936.n2.nabble.
> com/qpid-c-ACL-for-writing-to-an-exchange-tp7659852.html
> Sent from the Apache Qpid users mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> For additional commands, e-mail: users-help@qpid.apache.org
>
>