[rabbitmq-discuss] Custom authentication and authorization
Simon MacMullen
simon at rabbitmq.com
Mon Feb 14 10:30:19 GMT 2011
On 14/02/11 07:23, Benjamin Renaud wrote:
> I've started reading on Rabbit MQ's plugin's and the custom auth, but I
> wanted to check with the list before I launched into implementing our
> solution.
>
> We run RabbitMQ over the public Internet (.NET clients talking to an EC2
> cloud). On subscription, we'd like to run an
> authentication/authorization process, which would query our user server
> for auth/auth via REST. From what I gather, the right way to do this is
> to write a plugin for Rabbit, perhaps starting from an existing plugin
> as a starting point?
Yes.
You would need to write an implementation of the rabbit_auth_backend
behaviour. You should look at:
rabbitmq-server/src/rabbit_auth_backend.erl
- the behaviour itself
rabbitmq-server/include/rabbit_auth_backend_spec.erl
- the type signatures for the behaviour
rabbitmq-server/src/rabbit_auth_backend_internal.erl
- the implementation of the built in auth database. Note that you only
need to look at the code before the comment
"Manipulation of the user database".
rabbitmq-auth-backend-ldap/src/rabbit_auth_backend_ldap.erl
- alternate implementation using LDAP
You'll need to configure RabbitMQ to use your plugin. Set the
auth_backends variable for the rabbit application to a list of
authentication plugins to try in order.
And tell us of your experiences here :)
Cheers, Simon
--
Simon MacMullen
Staff Engineer, RabbitMQ
SpringSource, a division of VMware
More information about the rabbitmq-discuss
mailing list