Autobahn|Cpp: caller's Id on callee?

#1

Hi all,

I need to generate caller-specific results on the callee side. My original move was to maintain per-caller states there and to use caller IDs for selecting corresponding contexts. However, I can't see how I can obtain a caller's ID from the body of a registered function. The context is about to be quite big, so I don't want to pass it around on every call. At the same time, passing the ID as an extra parameter looks like an insecure solution.

Am I missing something?

Thanks,
Ivan.

0 Likes

#2

Ivan,

When you make a call, add a parameter “{disclose_me: true}” to your request. This will tell your WAMP router (probably Crossbar.io I’m guessing) to send the authid along with your call parameters to the callee. The callee will find that authid in the ‘details’ part of the call parameters. You can trust this authid because it comes from the WAMP router (not the client) and can’t be modified by the client without re-authentication to WAMP router. The authid comes from the CRA handshake that was done to establish the connection in the first place.

I find it tedious to require this “disclose_me: true” for all requests (because I am doing callee-side access control) and I wish there were a setting in the WAMP router that would require that all calls have disclosure forced ON. Until we get that feature, you have to request it manually at the client with all calls.

– Dante

···

On Monday, February 2, 2015 at 10:50:06 PM UTC-6, IvanK wrote:

Hi all,

I need to generate caller-specific results on the callee side. My original move was to maintain per-caller states there and to use caller IDs for selecting corresponding contexts. However, I can’t see how I can obtain a caller’s ID from the body of a registered function. The context is about to be quite big, so I don’t want to pass it around on every call. At the same time, passing the ID as an extra parameter looks like an insecure solution.

Am I missing something?

Thanks,

Ivan.

0 Likes

#3

Hi Dante,

Thanks for the insight. It's not exactly what I need, I rather want a callee to enforce its caller to disclosure the ID.

Unfortunately, this is not what Autobahn|Cpp supports. To do this, one needs to replace
  m_packer.pack (m_request_id);
  m_packer.pack_map (0);
in session::provide with
  m_packer.pack (m_request_id);
  m_packer.pack_map (1);
  m_packer.pack ("disclosure_caller");
  m_packer.pack (true);

After this Crossbar.io starts sending caller IDs around, but even then they are silently dropped inside session::process_invocation (see msg[3] variable), so there is no access to this information from registered procedures.

I start thinking of following Emile.

0 Likes

#4

Interestingly enough, when I manually set the aforementioned "disclose_caller" to "true" on registering a procedure, I start getting "authid" along with "caller" from Crossbar.io, but its apparently unavailable as well from the procedure.

0 Likes