How to prevent autobahn wildcard subscriptions?

#1

I want to prevent wildcard topic subscriptions from occurring. Is this a config file option somewhere?


#2

Hi Craig!

There is currently no option to disable wildcard subscriptions. However, if you configure your application’s topics explicitly, i.e. set permissions for each of them, then wildcard subscriptions will not be possible.

What is your use case where you want to turn off wildcard subscriptions?

Regards,

Alex

On Wednesday, 11 November 2015 02:23:45 UTC+1, craig@dialog.fit wrote:

I want to prevent wildcard topic subscriptions from occurring. Is this a config file option somewhere?


#3

I can imagine one issue:

Let’s say you make a private chat, and you send “chat.message.new.87998” where 87998 is the chat room id.

If you want private rooms, you need to prevent clients from subscribing to “chat.message.new.*” and getting all messages.


On Wednesday, November 11, 2015 at 12:30:45 PM UTC+1, Alexander Gödde wrote:

Hi Craig!

There is currently no option to disable wildcard subscriptions. However, if you configure your application’s topics explicitly, i.e. set permissions for each of them, then wildcard subscriptions will not be possible.

What is your use case where you want to turn off wildcard subscriptions?

Regards,

Alex


#4

Hi Michel!

I see what you mean - explicit configuration and dynamically generated subscription IDs are mutually exclusive when you want to exclude prefix subscriptions based on a static configuration file.

In this case you’d need dynamic authorization.

Regards,

Alex

On Wednesday, 11 November 2015 18:50:49 UTC+1, Michel Desmoulin wrote:

I can imagine one issue:

Let’s say you make a private chat, and you send “chat.message.new.87998” where 87998 is the chat room id.

If you want private rooms, you need to prevent clients from subscribing to “chat.message.new.*” and getting all messages.


#5

Does this mean you can’t have a static configuration file for events, and then have a client catching all events to display them in an admin console for review?


On Wednesday, November 11, 2015 at 7:27:30 PM UTC+1, Alexander Gödde wrote:

Hi Michel!

I see what you mean - explicit configuration and dynamically generated subscription IDs are mutually exclusive when you want to exclude prefix subscriptions based on a static configuration file.

In this case you’d need dynamic authorization.

Regards,

Alex


#6

Dynamic authorization means that each time a client (any client(*)) wants to subscribe (or publish or call an RPC), the code you’ve written to do this authorization will be called with enough data to know who’s trying to access. If your authorization code authorizes your admin console to do anything, it’ll be OK.

(*) Dynamic authorization is exclusive to static authorization. You can’t mix them.

On Thursday, 12 November 2015 15:30:32 UTC+1, Michel Desmoulin wrote:

Does this mean you can’t have a static configuration file for events, and then have a client catching all events to display them in an admin console for review?


#7

Hi Michel!

The situation you brought up was that you have a chat with e.g. “com.myapp.chat.general” for public chat, and clients which then have private channels such as “com.myapp.chat.1234”.

If you have a set number of clients then you can handle this with a static configuration: each client gets a role and can subscribe (and post) to the public channel and their own private channel. Clients can publish to any private channel. Your logging component has a separate role and can prefix-subscribe to “com.myapp.chat.” and get everything.

The need for dynamic authorization arises when you want to dynamically add clients. As far as I can see there is no way to allow clients to subscribe to “com.myapp.chat.xxxx” (where xxxx is their id assigned at runtime) but to not allow them to prefix-subscribe to all “com.myapp.chat.” channels using a static configuration file.

Regards,

Alex

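The decision logic of a dynamic authorizer for the chat layout described in posts #6 and #7, as an added example that is not part of the original thread and not Crossbar's own code. The role names `client` and `logger`, the convention that a client's `authid` equals its private channel id, and the `match` key in `options` are assumptions made for this sketch; wiring the function into the router is not shown.

```python
import re

# Topic layout taken from the thread; role names and the authid-equals-channel-id
# convention are assumptions made for this example.
CHAT_PREFIX = "com.myapp.chat."
PUBLIC_TOPIC = CHAT_PREFIX + "general"
PRIVATE_TOPIC = re.compile(r"com\.myapp\.chat\.([0-9]+)")


def authorize(session, uri, action, options=None):
    """Return True if the session may perform `action` on `uri`.

    session: dict with "authid" and "authrole"
    action:  "subscribe" or "publish" (everything else is denied)
    options: dict; options["match"] is assumed to carry the requested
             matching policy ("exact", "prefix" or "wildcard").
    """
    role = session.get("authrole")
    match = (options or {}).get("match", "exact")

    if role == "logger":
        # The logging/admin component may listen to everything under the
        # chat prefix, including a prefix subscription to "com.myapp.chat.".
        return action == "subscribe" and uri.startswith(CHAT_PREFIX)

    if role != "client" or action not in ("subscribe", "publish"):
        return False

    # Clients never get pattern-based access. This also stops a prefix
    # subscription to "com.myapp.chat.1234" from matching "...12345".
    if match != "exact":
        return False

    if uri == PUBLIC_TOPIC:
        return True

    room = PRIVATE_TOPIC.fullmatch(uri)
    if room is None:
        # Covers "com.myapp.chat." and "com.myapp.chat..x" even when the
        # router passes no match option: neither is a complete channel URI.
        return False

    if action == "publish":
        return True  # clients can publish to any private channel
    return room.group(1) == session.get("authid")
```

The default is deny: any role, action or URI shape the function does not recognise is refused, so a newly added client gets access only to the public channel and its own id.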

#8

Ok, thanks :)


On Friday, November 13, 2015 at 11:45:39 AM UTC+1, Alexander Gödde wrote:

Hi Michel!

The situation you brought up was that you have a chat with e.g. “com.myapp.chat.general” for public chat, and clients which then have private channels such as “com.myapp.chat.1234”.

If you have a set number of clients then you can handle this with a static configuration: each client gets a role and can subscribe (and post) to the public channel and their own private channel. Clients can publish to any private channel. Your logging component has a separate role and can prefix-subscribe to “com.myapp.chat.” and get everything.

The need for dynamic authorization arises when you want to dynamically add clients. As far as I can see there is no way to allow clients to subscribe to “com.myapp.chat.xxxx” (where xxxx is their id assigned at runtime) but to not allow them to prefix-subscribe to all “com.myapp.chat.” channels using a static configuration file.

Regards,

Alex
