[rabbitmq-discuss] Authenticating to Applications
Max Bridgewater
max.bridgewater at gmail.com
Thu Feb 17 12:35:27 GMT 2011
Thanks Simon. This looks like what I'm looking for. Is this userid
also enforced for the RPCClient? This doesn't seem to be working for
me. here is my code:
public class RabbitMQPublish {
public static void main(String[] args) throws Exception {
Connection conn = null;
ConnectionFactory factory = new ConnectionFactory();
factory.setHost("localhost");
factory.setPassword("admin");
factory.setUsername("admin");
factory.setVirtualHost("MyLounge");
conn = factory.newConnection();
Channel chan = conn.createChannel();
BasicProperties p= new BasicProperties();
p.setUserId("adsssmins");
RpcClient rpc = new RpcClient(chan, "MyExchange", "Jobs");
byte[] resp=rpc.primitiveCall(p," An interactive message".getBytes());
System.out.println(new String(resp));
Thread.sleep(10000);
chan.close();
conn.close();
}
}
On Thu, Feb 17, 2011 at 2:52 AM, Simon MacMullen <simon at rabbitmq.com> wrote:
> On 17/02/2011 1:12AM, Max Bridgewater wrote:
>>
>> Even if A and B are authenticated, I don't find a way in the Java API
>> that tells me who sent the message. I was assuming that after
>> authentication, RabbitMQ would set the user-Id in BasicProperties.
>> Then, any attempt to temper with that ID would be detected by RabbitMQ
>> and the message discarded.
>
> The server does not set the user-id property in case a publishing app does
> not want its identity revealed for whatever reason.
>
> However, if *you* set the user-id property, the server will enforce it.
> Therefore if you see a user-id property, you can trust it.
>
> See: http://www.rabbitmq.com/extensions.html#validated-user-id
>
> Cheers, Simon
> _______________________________________________
> rabbitmq-discuss mailing list
> rabbitmq-discuss at lists.rabbitmq.com
> https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
>
More information about the rabbitmq-discuss
mailing list