Inheritance

If wildcard destinations are present in the configuration, an application’s destination might match multiple configured destinations. These are known as overlapping destinations.

Persistence Store and Cluster

Overlapping destinations must always use the same persistence store and cluster. It is an error to configure overlapping destinations with different persistence stores.

Subscription Properties

Overlapping destinations may specify different destination properties. When a topic subscription, queue, or map is created, FTL will choose one set of destination properties to use, out of all the overlapping destinations. In order of preference:

  • Exact match (no wildcards in the configured destination).

  • A match where the configured destination specifies the asterisk wildcard (*) as the last element.

  • A match where the configured destination specifies the greater-than wildcard (>) as the last element. If there are multiple of these matches, FTL will choose the configured destination with the greatest number of tokens.

These preference rules allow you to designate a set of destination properties to use in generic cases, and other sets of destination properties to use for certain special cases. For example:

  • If the application specifies foo.bar, and the configuration contains foo.bar and foo.*, FTL will use destination properties from foo.bar.

  • If the application specifies foo.bar, and the configuration contains foo.* and foo.>, FTL will use destination properties from foo.*.

  • If the application specifies foo.bar, and the configuration contains > and foo.>, FTL will use destination properties from foo.>.

Access Control

Overlapping destinations may specify different access control lists.

When an application program performs an operation on a destination (e.g. subscribe or publish), and you have enabled permissions in the FTL realm, FTL server will check that the application has permission to perform the requested operation on the specified destination.

When there are overlapping destinations in the configuration, FTL server will check the access control lists of all matching destinations. If any permission to perform the operation is granted for any matching destination, FTL server will allow the operation.

Put another way, the effective access control list for a specific destination is the union of the access control lists for all matching destinations. This allows you to specify broad permissions for more privileged users, and narrow permissions for less privileged users.

For example, if the configuration for foo.* indicates that user Bob is allowed to publish, while the configuration for foo.bar indicates that user Alice is allowed to publish, then:

  • Bob is allowed to publish on foo.bar and foo.boo.

  • Alice is allowed to publish on foo.bar but not on foo.boo.