Home Help Center

IceStorm: subscribe-only topics?

phil++phil++ Member Philip KovacsOrganization: University of PennsylvaniaProject: Ice Storm Evaluation
I am interested in an IceStorm deployment where I have strict control over who can publish to particular topics.

It seems that once a process obtains a handle to a topic manager proxy, however, it can do anything it wants: subscribe or publish.

Is there a way to implement "subscribe-only" topics?

Thanks.

Phil

Comments

  • matthewmatthew NL, CanadaMember Matthew NewhookOrganization: ZeroC, Inc.Project: Internet Communications Engine ✭✭✭
    If you want to make it secure you can use IceSSL to do this. What you'd do is issue all publishers with a unique certificate. You'd then set the property IceSSL.TrustOnly.Server.<IceStormServiceName>.Publish to accept only this certificate. In this way, any publisher that does not have this identity will not be permitted to publish events. Let me know if you need further information!
  • phil++phil++ Member Philip KovacsOrganization: University of PennsylvaniaProject: Ice Storm Evaluation
    OK, that should work. Where would be the point of failure for the publisher with insufficient credentials, i.e. at what point does SSL negotiation occur?

    Here?
    Ice::ObjectPrx pub = topic->getPublisher()->ice_oneway();
    

    An SSL credentials exception would be thrown at some point?
  • matthewmatthew NL, CanadaMember Matthew NewhookOrganization: ZeroC, Inc.Project: Internet Communications Engine ✭✭✭
    The point of failure would be on the first publish. That is when you call a method on the publisher proxy, not when you obtain the publisher proxy. If the client is rejected by the server, a ConnectionLostException is thrown.
Sign In or Register to comment.