[rabbitmq-discuss] Announcing: rabbitmq-proxyauth: A RabbitMQ Proxy Authentication patch/Plugin
Matthias Radestock
matthias at rabbitmq.com
Mon Jul 26 10:44:27 BST 2010
Scott,
On 22/07/10 05:11, Scott Brooks wrote:
> TLDR: proof of concept patch to rabbitmq-server, plugin, and ruby
> backend to authenticate users.
> http://github.com/Blaze74/rabbit_proxyauth
> http://github.com/Blaze74/proxyauth.rb
some comments on the server patch:
1) I'd prefer if this dealt with authentication only, not also
authorisation. The latter is very rabbit-specific and likely to change
in the future.
2) Your rabbit_access_control_proxy module should have an API that
performs the gen_server calls, i.e. the interface to it should be a set
of functions (e.g. authenticate(User, Pass) -> boolean()), not a set of
gen_server messages. That's a general OTP design principle.
3) The authentication backend should be configurable via an
"authentication_module" app env var, and the default setting should
point to a module which refuses all authentication requests (i.e.
returns 'false' in the authenticate/2 call).
The objective of 2 and 3 is to allow a plug-in to override the default
setting for the authentication_module with a conforming alternative
implementation. For an example of how to structure 2 and 3 (including
behaviour definitions, spec files etc) take a look at the
backing_queue_module setting in 'default'.
Regards,
Matthias.
More information about the rabbitmq-discuss
mailing list