[rabbitmq-discuss] Fine grain access control when using STOMP

Rob Harrop rob at rabbitmq.com
Fri Mar 11 14:27:52 GMT 2011


There is no way to restrict user access to particular routing key patterns.

One approach that might approximate this is to use separate topic 
exchanges for the topics you want. You can then address these in the 
STOMP adapter using /exchange/<topic.exchange.name>/<routing.key>



On 10/03/11 00:12, Nite wrote:
> Hi,
> I am trying to replace my ActiveMQ stomp server with RabbitMQ, but am
> having some trouble replicating the same level of access control that I
> get with ActiveMQ. For example, on ActiveMQ, I can specify:
> <authorizationMap> <authorizationEntries> <authorizationEntry topic=">"
> write="admins" read="admins" admin="admins" /> <authorizationEntry
> topic="foo.>" write="foo" read="foo" admin="foo" />
> </authorizationEntries> </authorizationMap>
> So admins have access to all topics, but the foo user has access to only
> the topics that begin with the words "foo.", e.g. foo.ping
> On rabbitmq, the farthest I can go using rabbitmqctl is:
> *./rabbitmqctl set_permissions foo "amq\.gen.*|amq\.topic$"
> "amq\.gen.*|amq\.topic$" "amq\.gen.*|amq\.topic$"*
> Which restricts the user "foo" to access only the topics exchange. How
> can I further restrict foo's access to topics that begin with foo. ?
> --
> Thanks
> Nite
> _______________________________________________
> rabbitmq-discuss mailing list
> rabbitmq-discuss at lists.rabbitmq.com
> https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss

More information about the rabbitmq-discuss mailing list