Add mandatoryTags to YAML authorization file #2

Open
bgaillard opened this issue Aug 17, 2016 · 0 comments
@bgaillard

The ApplicationsAuthManager works as expected, but the current implementation allows forwarding messages everywhere using any credentials defined in the YAML authorization file.

For example, it's currently possible to forward messages to clients connected with the credentials of application1 using the credentials of application2.

applications:
  - key: application1
    secret: 7UxuWw3ZcFBW85U2rdtjKZeStMHKVAzf8jpqkb5eAPBkd37F2sz4x3WS3GnMk7gq
    authorizeOpen: true
  - key: application2
    secret: Kmrw5apmzmQMseAttckp6e7APeCDVtL58QzSPaKqqdHUF469hfhWyue3ns363kn5
    authorizeOpen: false

To prevent the credentials of application2 from allowing messages to be sent to clients connected with the credentials of application1, we propose a new mandatoryTags property.

Here is an example.

applications:
  - key: application1
    secret: 7UxuWw3ZcFBW85U2rdtjKZeStMHKVAzf8jpqkb5eAPBkd37F2sz4x3WS3GnMk7gq
    authorizeOpen: true
    mandatoryTags:
      - applicationName: application1
  - key: application2
    secret: Kmrw5apmzmQMseAttckp6e7APeCDVtL58QzSPaKqqdHUF469hfhWyue3ns363kn5
    authorizeOpen: false

This will force clients using the first credentials to specify an applicationName tag with the application1 value, otherwise connection and message sending will fail.

Also the consequence will be that all the clients will be forced to use the same applicationName tag value and we can be sure the messages will always be forwarded only to the application1 clients.

@bgaillard bgaillard modified the milestones: 1.1.0, 1.2.0 Aug 17, 2016
@bgaillard bgaillard self-assigned this Aug 22, 2016
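
A sketch of the check proposed in this issue, added here as an example and not taken from the project's code: the function names, the dict layout and the placeholder secrets are assumptions, with the dict mirroring the YAML above. The same gate is meant to run on connection open and on message sending.

```python
import hmac

# Constructed config mirroring the YAML in the issue; secrets are placeholders.
CONFIG = {
    "applications": [
        {
            "key": "application1",
            "secret": "placeholder-secret-1",
            "authorizeOpen": True,
            "mandatoryTags": [{"applicationName": "application1"}],
        },
        {
            "key": "application2",
            "secret": "placeholder-secret-2",
            "authorizeOpen": False,
        },
    ]
}


def find_application(config, key, secret):
    """Return the application entry matching key and secret, else None."""
    for app in config.get("applications", []):
        # Constant-time comparison so the secret check does not leak timing.
        if app.get("key") == key and hmac.compare_digest(
            str(app.get("secret", "")).encode(), str(secret).encode()
        ):
            return app
    return None


def check_mandatory_tags(app, tags):
    """Return the mandatory tag names that are missing or have the wrong value."""
    tags = tags or {}
    violations = []
    for entry in app.get("mandatoryTags") or []:
        for name, expected in entry.items():
            if tags.get(name) != expected:
                violations.append(name)
    return violations


def authorize(config, key, secret, tags):
    """Hypothetical gate applied to both connection open and message sending."""
    app = find_application(config, key, secret)
    if app is None:
        return False, "unknown key or bad secret"
    violations = check_mandatory_tags(app, tags)
    if violations:
        return False, "mandatory tag mismatch: " + ", ".join(violations)
    return True, "ok"
```

In this sketch an entry without mandatoryTags is not constrained at all, so application2 as configured above can still present an applicationName tag of application1; isolating the two applications requires a mandatoryTags entry on each of them.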