`accounts` map. The contents of an account entry include:
The `accounts` list is a map, where each key on the map is an account name.
In the most straightforward configuration above you have an account named `A` which has a single user identified by the username `a` and the password `a`, and an account named `B` with a user identified by the username `b` and the password `b`. These two accounts are isolated from each other. Messages published by users in `A` are not visible to users in
- and add permissions
While the name account implies one or more users, it is much simpler and more enlightening to think of one account as a messaging container for one application. Users in the account are simply the minimum number of services that must work together to provide some functionality. In simpler terms, more accounts with few (even one) clients is a better design topology than a large account with many users with complex authorization configuration.
The `exports` configuration list enables you to define the services and streams that others can import. Exported services and streams are expressed as an Export configuration map.
The `imports` configuration lists the services and streams that an Account imports. Imported services and streams are expressed as an Import configuration map.
`stream` and optionally defines specific accounts that can import the stream or service. Here are the supported configuration properties:
`B` on the wildcard subject
`B` on the subject
`to` options are optional and allow you to remap the subject that is used locally to receive stream messages from or publish service requests to. This way the importing account does not depend on naming conventions picked by another. Currently, a service import cannot make use of wildcards, which is why the import subject can be rewritten. A stream import may make use of wildcards. To retain information contained in the subject, it can thus only be prefixed with
`B` can receive on
`B` can send requests on
`C` imports the public service and stream from `A`, but also:
`puba.>` stream to be locally available under `from_a.puba.>`. The messages will have their original subjects prefixed by
`pubq.C` service to be locally available under
`C` only needs to publish to
`A` is visible to all external accounts that import the stream.
`A` is available to all external accounts so long as they know the full subject of where to send the request. Typically an account will export a wildcard service but then coordinate with a client account on specific subjects where requests will be answered. In our example, account `C` accesses the service on `pubq.C` (but has mapped it for simplicity to
`b.>` is private; only account `B` can receive messages from the stream.
`q.b` is private; only account `B` can send requests to the service.
`C` publishes a request to
`C` clients will see `Q` messages. However, the server will remap
`pubq.C` and forward the requests to account
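As an added example (not code from the NATS documentation or project), the Python sketch below audits an accounts map for the two properties this section describes: an export without an `accounts` list is public, and an import is only valid when the source account exports a covering subject to the importing account. The JSON sample is constructed; the `pubq.>` wildcard export, user `c`, and account `C`'s import of `b.>` are assumptions added to show a flagged case, and `covers` and `audit` are hypothetical helper names.

```python
import json

# Constructed sample of the layout described above, as JSON. Assumptions: the
# wildcard service export pubq.>, user c for account C, and C's import of b.>.
SAMPLE = json.loads("""
{"accounts": {
 "A": {"users": [{"user": "a", "password": "a"}],
       "exports": [{"stream": "puba.>"}, {"service": "pubq.>"},
                   {"stream": "b.>", "accounts": ["B"]},
                   {"service": "q.b", "accounts": ["B"]}]},
 "B": {"users": [{"user": "b", "password": "b"}],
       "imports": [{"stream": {"account": "A", "subject": "b.>"}},
                   {"service": {"account": "A", "subject": "q.b"}}]},
 "C": {"users": [{"user": "c", "password": "c"}],
       "imports": [{"stream": {"account": "A", "subject": "puba.>"}, "prefix": "from_a"},
                   {"service": {"account": "A", "subject": "pubq.C"}, "to": "Q"},
                   {"stream": {"account": "A", "subject": "b.>"}}]}}}
""")

def covers(pattern, subject):
    """True if export subject `pattern` covers every subject `subject` can match."""
    p, s = pattern.split("."), subject.split(".")
    for i, tok in enumerate(p):
        if tok == ">":                      # '>' matches one or more trailing tokens
            return len(s) > i
        if i >= len(s) or s[i] == ">":
            return False
        if tok != "*" and tok != s[i]:      # '*' matches exactly one token
            return False
    return len(p) == len(s)

def audit(conf):
    """Return (public_exports, unauthorized_imports) for an accounts map."""
    accounts, public, denied = conf["accounts"], [], []
    for name, acct in accounts.items():
        for exp in acct.get("exports", []):
            kind = "stream" if "stream" in exp else "service"
            if not exp.get("accounts"):     # no account list: any account may import
                public.append((name, kind, exp[kind]))
        for imp in acct.get("imports", []):
            kind = "stream" if "stream" in imp else "service"
            src, subj = imp[kind]["account"], imp[kind]["subject"]
            exports = accounts.get(src, {}).get("exports", [])
            if not any(kind in e and covers(e[kind], subj) and
                       (not e.get("accounts") or name in e["accounts"]) for e in exports):
                denied.append((name, kind, src, subj))
    return public, denied
```

Calling `audit(SAMPLE)` lists the two public exports of account `A` and flags account `C`'s import of the private `b.>` stream.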
`no_auth_user` being set, clients still need to communicate that they will not be using credentials. The authentication timeout applies to this process as well. When your connection is slow, you may run into this timeout and the resulting `Authentication Timeout` error, despite not providing credentials.