[rabbitmq-discuss] Problems with STOMP & access control

Steve Powell steve at rabbitmq.com
Mon Feb 27 09:44:56 GMT 2012


Lionel,

Apologies for tardy reply.

Presently there is no way to set access control based upon the STOMP names,
though I agree this would be desirable. Does the STOMP specification talk about
access control at all?

I think the destination names aren't all entirely opaque, so it might be
possible to exert access control on some resources, but a comprehensive solution
is not available, I'm afraid.

Steve Powell
steve at rabbitmq.com
[wrk: +44-2380-111-528] [mob: +44-7815-838-558]

On 21 Feb 2012, at 13:44, Lionel Cons wrote:

> I've read http://www.rabbitmq.com/access-control.html and
> http://www.rabbitmq.com/stomp.html and I did not find any practical
> way to use access control with STOMP.
> 
> In the STOMP world (in fact, since STOMP is broker behavior agnostic,
> this is rather tied to the JMS world), one can use destinations like
> /queue/test.foo or /topic/test.bar. It would be natural to use these
> names in the access control regexps to allow, for instance, a given
> user to access all queues matching "test\..*".
> 
> Unfortunately, the STOMP destinations names get mapped to AMQP
> resource names that loose the original names, for instance
> amq.gen-AXVr2gFuBTO4duQ5OEC9b9.
> 
> Is there a way in RabbitMQ to use access control based on the STOMP
> destination names?
> 
> Cheers,
> 
> Lionel
> _______________________________________________
> rabbitmq-discuss mailing list
> rabbitmq-discuss at lists.rabbitmq.com
> https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss



More information about the rabbitmq-discuss mailing list