Mixed authorization (static & dynamic)

#1

I wonder if, in crossbar, it is possible to mix dynamic e static authorization.
I mean, could it be possible to have configuration like this?

[…]

“roles”: [

{

“name”: “basic_user”,

"permissions": [

{

"uri": “one.specific.topic”,

"publish": true,

"subscribe": true,

"call": true,

"register": true

}

]

"authorizer": "my.own.authorizer"

},

{

“name”: “backend”,

“permissions”: [

{

“uri”: “*”,

“publish”: true,

“subscribe”: true,

“call”: true,

“register”: true

}

]

}

]

[…]

I.e.: I could have a list of topic with fixed names (like one.specific.topic), and other with a dynamic name, like chat.room.{user_uuid}; for the second type of topic I would like to grant authorization for user with role basic_user, to subscribe and publish to chat.room.{user_uuid} and not to chat.room.{other_user_uuid}. I can obtain it easly, using only dynamic authorization; but it will be great if I could use both static and dynamic authorization for the same role.

0 Likes

#2

Did some tries… it looks like the “mixed” authorization won’t work; the static one always win.

···

Il giorno lunedì 23 febbraio 2015 18:38:11 UTC+1, Francesco Cozzolino ha scritto:

I wonder if, in crossbar, it is possible to mix dynamic e static authorization.
I mean, could it be possible to have configuration like this?

[…]

“roles”: [

{

“name”: “basic_user”,

"permissions": [

{

"uri": “one.specific.topic”,

"publish": true,

"subscribe": true,

"call": true,

"register": true

}

]

"authorizer": "my.own.authorizer"

},

{

“name”: “backend”,

“permissions”: [

{

“uri”: “*”,

“publish”: true,

“subscribe”: true,

“call”: true,

“register”: true

}

]

}

]

[…]

I.e.: I could have a list of topic with fixed names (like one.specific.topic), and other with a dynamic name, like chat.room.{user_uuid}; for the second type of topic I would like to grant authorization for user with role basic_user, to subscribe and publish to chat.room.{user_uuid} and not to chat.room.{other_user_uuid}. I can obtain it easly, using only dynamic authorization; but it will be great if I could use both static and dynamic authorization for the same role.

0 Likes

#3

Hi Francesco,

ah, yes, this could be handy! It’s not possible today, but we might add it:

https://github.com/crossbario/crossbar/issues/261

Cheers,
/Tobias

···

Am Montag, 23. Februar 2015 18:38:11 UTC+1 schrieb Francesco Cozzolino:

I wonder if, in crossbar, it is possible to mix dynamic e static authorization.
I mean, could it be possible to have configuration like this?

[…]

“roles”: [

{

“name”: “basic_user”,

"permissions": [

{

"uri": “one.specific.topic”,

"publish": true,

"subscribe": true,

"call": true,

"register": true

}

]

"authorizer": "my.own.authorizer"

},

{

“name”: “backend”,

“permissions”: [

{

“uri”: “*”,

“publish”: true,

“subscribe”: true,

“call”: true,

“register”: true

}

]

}

]

[…]

I.e.: I could have a list of topic with fixed names (like one.specific.topic), and other with a dynamic name, like chat.room.{user_uuid}; for the second type of topic I would like to grant authorization for user with role basic_user, to subscribe and publish to chat.room.{user_uuid} and not to chat.room.{other_user_uuid}. I can obtain it easly, using only dynamic authorization; but it will be great if I could use both static and dynamic authorization for the same role.

0 Likes