Archived

This forum has been archived. Please start a new discussion on GitHub.

IceStorm: subscribe-only topics?

I am interested in an IceStorm deployment where I have strict control over who can publish to particular topics.

It seems that once a process obtains a handle to a topic manager proxy, however, it can do anything it wants: subscribe or publish.

Is there a way to implement "subscribe-only" topics?

Thanks.

Phil

Comments

  • matthew
    matthew NL, Canada
    If you want to make it secure you can use IceSSL to do this. What you'd do is issue all publishers with a unique certificate. You'd then set the property IceSSL.TrustOnly.Server.<IceStormServiceName>.Publish to accept only this certificate. In this way, any publisher that does not have this identity will not be permitted to publish events. Let me know if you need further information!
  • OK, that should work. Where would be the point of failure for the publisher with insufficient credentials, i.e. at what point does SSL negotiation occur?

    Here?
    Ice::ObjectPrx pub = topic->getPublisher()->ice_oneway();
    

    An SSL credentials exception would be thrown at some point?
  • matthew
    matthew NL, Canada
    The point of failure would be on the first publish. That is when you call a method on the publisher proxy, not when you obtain the publisher proxy. If the client is rejected by the server, a ConnectionLostException is thrown.