[zeromq-dev] ZMQPP and metadata in ZAP reply

Arnaud Kapp kapp.arno at gmail.com
Sat May 21 00:26:45 CEST 2016


Hey David,

Glad to have confirmation that this works :)

Regarding your follow-up question, I do not know.

I can however offer a potential workaround. I don't like it very much tho.
We know that the ZAP handler bind on "inproc://". Inproc is context
specific.
This means that if you have 2 different zeroMQ contexts, you can have
2 different handlers. You could then group up socket by type in a context,
and have
different handler for the 2 contexts.

Now, I said I don't like that very much. I don't know the impact (on
performance) of having multiple context.
I would guess it's negligible though. Depending on how your code works, it
may be annoying for you
to keep reference to 2 (or more) contexts.

I do think that a patch to libzmq improving the behavior and exposing more
informations has a good
chance to be accepted.

On Sun, May 8, 2016 at 10:50 PM, David Jelenc <david.jelenc at fri.uni-lj.si>
wrote:

> Hi,
>
> to anyone who may also want to encode metadata to ZAP replies (to be later
> used--for instance--for authorization purposes) -- Arnaud's suggestion
> works great.
>
> (The idea is for the ZAP handler to write authorization data into metadata
> field which is later available on every message coming from the
> authenticated client in the form of a message property.)
>
> I have a follow up question that is more ZAP related: besides the fields
> defined in ZRFC27, is there any other client data I can access? Like the
> port to which the client connected or the type of client's socket?
>
> My ZAP handler authenticates several sockets and I'd like to have separate
> logic in my ZAP handler depending on the socket type. (I'm asking about the
> port number, because I can infer the socket type from it.)
>
> Best,
> David
>
> On 29. 04. 2016 23:25, Arnaud Kapp wrote:
>
>> Hello David,
>>
>>  > I sense, this part has to be addressed in libzmq and not in zmqpp,
>> but I’m not sure where.
>>
>> In theory libzmq supports your use case. You'd have to write your own
>> ZAP handler manualy and return your metada as part of the ZAP reply (as
>> specified in ZRFC27)
>> You cannot use zmqpp::auth for this, it's not flexible enough.
>>
>>  > However, I see no way for accessing the additional parts of the ZAP
>> reply on my server.
>>
>> Your "listofactions" metadata property would be available on any
>> messages from the matching client.
>> To retrieve a metadata/property from a message with zmqpp you can use:
>> msg.get_property("pname", out);
>>
>> I know this works for the "Identity" property. Unless libzmq doesn't
>> implement it for generic properties, it should work.
>> Let us know how you fare.
>>
>> On Fri, Apr 29, 2016 at 3:39 PM, David Jelenc
>> <david.jelenc at fri.uni-lj.si <mailto:david.jelenc at fri.uni-lj.si>> wrote:
>>
>>     According to http://rfc.zeromq.org/spec:27, the ZAP reply contains
>>     several fields, including the metadata filed that can be used to
>>     store additional data regarding the authenticating clients.
>>
>>     I’d like to use this filed to store some authorization data: the
>>     idea is that, using ZAP, my server queries an AAA server that either
>>     accepts or rejects the the connecting client. If the client is
>>     accepted, the AAA also provides a list of actions the accepted
>>     client is allowed to perform. I’d like to store this actions in the
>>     metadata field of the ZAP reply.
>>
>>     I’m using zmqpp C++ bindings, where the metadata is currently
>>     hardcoded to be empty
>>     (
>> https://github.com/zeromq/zmqpp/blob/develop/src/zmqpp/zap_request.cpp#L83
>> ).
>>     However, this is easily addressed.
>>
>>     My main concern is now on the server side: where and how do I
>>     process this metadata?
>>
>>     The API is such that if the ZAP reply contains status code 200 and a
>>     OK message, the client is allowed to connect. However, I see no way
>>     for accessing the additional parts of the ZAP reply on my server.
>>
>>     I sense, this part has to be addressed in libzmq and not in zmqpp,
>>     but I’m not sure where.
>>
>>     Any help would be greatly appreciated.
>>
>>     Best,
>>     David
>>     _______________________________________________
>>     zeromq-dev mailing list
>>     zeromq-dev at lists.zeromq.org <mailto:zeromq-dev at lists.zeromq.org>
>>     http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>>
>>
>>
>>
>> --
>> Kapp Arnaud - Xaqq
>>
>>
>> _______________________________________________
>> zeromq-dev mailing list
>> zeromq-dev at lists.zeromq.org
>> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>>
>> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>



-- 
Kapp Arnaud - Xaqq
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20160521/0a08f2bc/attachment.htm>


More information about the zeromq-dev mailing list