RabbitMq / RestrictAttribute

Mythz,

I have a DTO that is registered as a RabbitMqServer handler for a service. If I decorate that service class with [Restrict(AccessTo = RequestAttributes.MessageQueue)], it seems to fail to execute the incoming message, which then gets passed to the DLQ. It works fine without the Restrict decoration.

Are there any other settings that I need to make to allow me to restrict access to just the MQ?

Cheers,

Dan

Strange, the BasicRequest used should already be including RequestAttributes.MessageQueue in the request context.

What does your RegisterHandler<T> code look like for the failing request? Also can you please provide the StackTrace?

The response in the DLQ is

Error:
{"errorCode":"UnauthorizedAccessException","message":"Could not execute service 'NotificationRequest', The following restrictions were not met: '\n -[None]'\n Unauthorized call was made from: LocalSubnet, MessageQueue","stackTrace":null,"errors":[],"meta":null}

So it appears that the call properties are being added to the request context; it’s just that something is going astray with the Restrict attribute on the basic request.

I’m configuring the handlers like so:

var cs = ConfigSettings.Common.MqConnectionString;
var mf = new RabbitMqMessageFactory(cs);
Container.Register<IMessageFactory>(mf);

var mqService = new RabbitMqServer(mf);
Container.Register(mqService);
mqService.RegisterHandler<NotificationRequest>(AppHost.ExecuteMessage);

Cheers,

Dan

FYI I’ve added several tests around MQ Restrictions in this commit showing it working as intended.

The issue is that you should only use AccessTo when you want to specify the entire restriction it should be allowed on, e.g:

[Restrict(AccessTo = RequestAttributes.MessageQueue | RequestAttributes.InternalNetworkAccess)]
public class NotificationRequest {}

If you only want to add a single restriction but allow all other request attributes use the constructor, e.g:

[Restrict(RequestAttributes.MessageQueue)]
public class NotificationRequest {}

Which will Restrict the Endpoint to MessageQueue but allow it to be called with any other Request Attribute.
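
A simplified model of the distinction described in the reply above, added here as an illustration; it is not ServiceStack's code. The `Attrs` enum, its numeric values, the two-category grouping and the `Allows` check are assumptions; only the flag names MessageQueue, LocalSubnet and InternalNetworkAccess come from the thread.

```csharp
using System;

// Model only: values and category grouping are assumptions for illustration.
[Flags]
enum Attrs
{
    None = 0,
    Localhost = 1, LocalSubnet = 2, External = 4,   // network category
    Http = 8, MessageQueue = 16,                    // endpoint category
    InternalNetworkAccess = Localhost | LocalSubnet,
    AnyNetwork = Localhost | LocalSubnet | External,
    AnyEndpoint = Http | MessageQueue,
}

static class RestrictModel
{
    // AccessTo style: the value is the complete allow-list, nothing is filled in.
    public static Attrs FromAccessTo(Attrs value) => value;

    // Constructor style: a category the value does not mention stays fully open.
    public static Attrs FromConstructor(Attrs value)
    {
        var allowed = value;
        if ((value & Attrs.AnyNetwork) == 0) allowed |= Attrs.AnyNetwork;
        if ((value & Attrs.AnyEndpoint) == 0) allowed |= Attrs.AnyEndpoint;
        return allowed;
    }

    // A request passes only if every attribute it carries is in the allow-list.
    public static bool Allows(Attrs allowed, Attrs request) => (allowed & request) == request;
}

static class Program
{
    static void Main()
    {
        // Constructed requests; the first carries the attributes named in the DLQ error.
        var fromMq = Attrs.LocalSubnet | Attrs.MessageQueue;
        var fromHttp = Attrs.LocalSubnet | Attrs.Http;

        var accessToMqOnly = RestrictModel.FromAccessTo(Attrs.MessageQueue);
        var accessToMqInternal = RestrictModel.FromAccessTo(Attrs.MessageQueue | Attrs.InternalNetworkAccess);
        var ctorMq = RestrictModel.FromConstructor(Attrs.MessageQueue);

        Console.WriteLine($"AccessTo=MQ, MQ request: {RestrictModel.Allows(accessToMqOnly, fromMq)}");
        Console.WriteLine($"AccessTo=MQ|Internal, MQ request: {RestrictModel.Allows(accessToMqInternal, fromMq)}");
        Console.WriteLine($"ctor(MQ), MQ request: {RestrictModel.Allows(ctorMq, fromMq)}");
        Console.WriteLine($"ctor(MQ), HTTP request: {RestrictModel.Allows(ctorMq, fromHttp)}");
    }
}
```

In this model the first case is rejected because the request also carries LocalSubnet, which an allow-list of MessageQueue alone does not cover.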

I have the same issue.

I had to add [Restrict(RequestAttributes.LocalSubnet | RequestAttributes.MessageQueue)] to my DTOs to make it work.

Here is the relevant code:

//DTO
//[Restrict(RequestAttributes.MessageQueue)] //won't work with this - throws UnauthorizedAccessException
[Restrict(RequestAttributes.LocalSubnet | RequestAttributes.MessageQueue)] //need to do it like this to make it work
public class NotifyClientEvent
{}

//MQ Server
var rabbitMqServer = new RabbitMqServer(mqHost, mqUsername, mqPassword);

container.Register<IMessageService>(rabbitMqServer);

rabbitMqServer.RegisterHandler<NotifyClientEvent>(ServiceController.ExecuteMessage);