[zeromq-dev] ZMQPP and metadata in ZAP reply

David Jelenc david.jelenc at fri.uni-lj.si
Sun May 8 22:50:29 CEST 2016


Hi,

to anyone who may also want to encode metadata to ZAP replies (to be 
later used--for instance--for authorization purposes) -- Arnaud's 
suggestion works great.

(The idea is for the ZAP handler to write authorization data into 
metadata field which is later available on every message coming from the 
authenticated client in the form of a message property.)

I have a follow up question that is more ZAP related: besides the fields 
defined in ZRFC27, is there any other client data I can access? Like the 
port to which the client connected or the type of client's socket?

My ZAP handler authenticates several sockets and I'd like to have 
separate logic in my ZAP handler depending on the socket type. (I'm 
asking about the port number, because I can infer the socket type from it.)

Best,
David

On 29. 04. 2016 23:25, Arnaud Kapp wrote:
> Hello David,
>
>  > I sense, this part has to be addressed in libzmq and not in zmqpp,
> but I’m not sure where.
>
> In theory libzmq supports your use case. You'd have to write your own
> ZAP handler manualy and return your metada as part of the ZAP reply (as
> specified in ZRFC27)
> You cannot use zmqpp::auth for this, it's not flexible enough.
>
>  > However, I see no way for accessing the additional parts of the ZAP
> reply on my server.
>
> Your "listofactions" metadata property would be available on any
> messages from the matching client.
> To retrieve a metadata/property from a message with zmqpp you can use:
> msg.get_property("pname", out);
>
> I know this works for the "Identity" property. Unless libzmq doesn't
> implement it for generic properties, it should work.
> Let us know how you fare.
>
> On Fri, Apr 29, 2016 at 3:39 PM, David Jelenc
> <david.jelenc at fri.uni-lj.si <mailto:david.jelenc at fri.uni-lj.si>> wrote:
>
>     According to http://rfc.zeromq.org/spec:27, the ZAP reply contains
>     several fields, including the metadata filed that can be used to
>     store additional data regarding the authenticating clients.
>
>     I’d like to use this filed to store some authorization data: the
>     idea is that, using ZAP, my server queries an AAA server that either
>     accepts or rejects the the connecting client. If the client is
>     accepted, the AAA also provides a list of actions the accepted
>     client is allowed to perform. I’d like to store this actions in the
>     metadata field of the ZAP reply.
>
>     I’m using zmqpp C++ bindings, where the metadata is currently
>     hardcoded to be empty
>     (https://github.com/zeromq/zmqpp/blob/develop/src/zmqpp/zap_request.cpp#L83).
>     However, this is easily addressed.
>
>     My main concern is now on the server side: where and how do I
>     process this metadata?
>
>     The API is such that if the ZAP reply contains status code 200 and a
>     OK message, the client is allowed to connect. However, I see no way
>     for accessing the additional parts of the ZAP reply on my server.
>
>     I sense, this part has to be addressed in libzmq and not in zmqpp,
>     but I’m not sure where.
>
>     Any help would be greatly appreciated.
>
>     Best,
>     David
>     _______________________________________________
>     zeromq-dev mailing list
>     zeromq-dev at lists.zeromq.org <mailto:zeromq-dev at lists.zeromq.org>
>     http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>
>
>
>
> --
> Kapp Arnaud - Xaqq
>
>
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>



More information about the zeromq-dev mailing list