Storing information in session

[norm...@gmail.com]

I'd like to authorize based on roles that are not defined in my crossbar config file. If my dynamic authorization method returns a role, I get:

>> Internal error (2): role auto-activation (role 'test_role') not yet implemented

It appears that crossbar requires roles to be predefined in the configuration.

Instead, I'm wondering if there's a way to store information in the session, such that it is persisted between requests, but not exposed (or editable) by the client. Then I could load the roles & abilities into the session object, and refer to that in my dynamic authorization method.

Any other suggestions?

Thanks

Norman Elton

[Tobias Oberstein]

Am 23.08.2018 um 03:59 schrieb norm...@gmail.com:
> I'd like to authorize based on roles that are not defined in my crossbar
> config file. If my dynamic authorization method returns a role, I get:
>
>>> Internal error (2): role auto-activation (role 'test_role') not yet
> implemented
>
> It appears that crossbar requires roles to be predefined in the
> configuration.

pls see https://github.com/crossbario/crossbar/issues/1379

in short: Crossbar.io needs predefined roles, CrossbarFX allows to
remotely and dynamically create WAMP roles ..

>
> Instead, I'm wondering if there's a way to store information in the
> session, such that it is persisted between requests, but not exposed (or

There are no "requests" in WAMP

> editable) by the client. Then I could load the roles & abilities into the
> session object, and refer to that in my dynamic authorization method.

No, this would break the design: WAMP routers are not for storing
application data

>
> Any other suggestions?

CrossbarFX has that feature (dynamic role creation)

>
> Thanks
>
> Norman Elton
>