[rabbitmq-discuss] Problems with STOMP & access control

Lionel Cons lionel.cons at cern.ch
Mon Feb 27 10:31:45 GMT 2012


Steve Powell writes:
 > Does the STOMP specification talk about access control at all?

No. The specification does not describe the broker behavior. Even
something like "/topic/foo" means a JMS-style topic named "foo" is
outside of the spec.

 > I think the destination names aren't all entirely opaque, so it
 > might be possible to exert access control on some resources, but a
 > comprehensive solution is not available, I'm afraid.

It seems that things might work with queues since a STOMP destination
of "/queue/foo" will AFAIK use a queue named "foo". To be confirmed.

Topics are more problematic but this does not seem to be STOMP specific.

In AMQP, how would you configure the RabbitMQ ACLs so that client A
can only send to amq.topic with a routing key matching A.* while
client B is restrcited to routing keys matching B.*?

The http://www.rabbitmq.com/access-control.html page does not really
describe what a reource is. Would a syntax like amq.topic:A.* make
sense to perform routing key based access control?

Cheers,

Lionel


More information about the rabbitmq-discuss mailing list