[rabbitmq-discuss] Enforcing single connection to a queue

Simon MacMullen simon at rabbitmq.com
Fri Apr 20 11:20:32 BST 2012

On 19/04/12 21:27, RoLo wrote:
> I'm working on a project where we need to enforce only a single client
> connection to a queue.  Worse, the queue has to persist when the connection
> closes, which rules out using the exclusive bit as the AMQP spec states that
> an exclusive queue will always be auto-deleted when the client terminates
> session.

The way we always envisaged this working is:

* Don't allow any of your client users to connect to the management 
plugin (i.e. don't give them the "management", "monitoring" or 
"administrator" tags).

* Use cryptographically random queue names (such as server-generated names).

If the clients can't get into mgmt they can't list queues. And they 
can't guess another client's queue name. So each client can only see its 
own queue(s). If it wants to hand its queue names to other processes it 
can, but that's its business.

Inspired by: http://en.wikipedia.org/wiki/Capability-based_security

Cheers, Simon

Simon MacMullen
RabbitMQ, VMware

More information about the rabbitmq-discuss mailing list