[rabbitmq-discuss] Web-STOMP plugin - Authentication with SSL Client Certificates

Michael Klishin mklishin at gopivotal.com
Thu Jun 19 08:30:42 BST 2014


On 18 June 2014 at 19:51:57, Andrei (andrei002 at gmail.com) wrote:
> 1. Is there any possibility for this feature to be implemented
> in one of the next releases, in order for Web-STOMP to be fully
> compatible with STOMP plugin?
>
> 2. In case it is too complex to implement due to lack of client SSL
> authentication mechanisms in Cowboy, could it be implemented
> in the following way, as a workaround?

It's possible to add SSL certificate authentication to Web STOMP
but it may involve upgrading Cowboy and SockJS first => not a trivial amount of work.

The workaround you suggest may work but

 * It will be hard to justify supporting such a homegrown authentication scheme
 * It may also run into limitations in SockJS

So I'd recommend combining an HTTPS connection with credentials obtained from an HTTPS
endpoint in your JS application. This is not great but largely is the state of
the art in Web messaging authentication. Fairly big Web players recommend something
very similar [1].

1. https://devcenter.heroku.com/articles/websocket-security  
--  
MK  

Software Engineer, Pivotal/RabbitMQ
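
An added example, not part of the original message and not RabbitMQ code: one way the HTTPS endpoint recommended above could mint short-lived, single-use credentials that the JS application then presents as its STOMP passcode over wss://. The function names, the ticket format, the constructed key and the component that would run verifyTicket on the broker side are all assumptions.

```javascript
const crypto = require('node:crypto');

// Constructed demo key (assumption): in a real deployment it comes from a secret
// store shared by the HTTPS endpoint and whatever component checks the passcode.
const SECRET = Buffer.from('constructed-demo-key-not-for-production');
const TTL_SECONDS = 60;       // long enough only to open the connection
const seenNonces = new Set(); // in-memory single-use tracking for the demo

function sign(payload) {
  return crypto.createHmac('sha256', SECRET).update(payload).digest('base64url');
}

// HTTPS endpoint side: call only after the user's web session is authenticated.
function issueTicket(user, nowSec = Math.floor(Date.now() / 1000)) {
  const claims = { user, exp: nowSec + TTL_SECONDS,
                   nonce: crypto.randomBytes(12).toString('base64url') };
  const payload = Buffer.from(JSON.stringify(claims)).toString('base64url');
  return `${payload}.${sign(payload)}`;
}

// Verifier side: `login` and `ticket` are the STOMP login and passcode the
// browser sent over wss:// after fetching the ticket over HTTPS.
function verifyTicket(login, ticket, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(ticket).split('.');
  if (parts.length !== 2) return { ok: false, reason: 'malformed' };
  const [payload, mac] = parts;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(mac);
  // Constant-time comparison; the length check keeps timingSafeEqual from throwing.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad-signature' };
  }
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  if (claims.user !== login) return { ok: false, reason: 'wrong-user' };
  if (nowSec >= claims.exp) return { ok: false, reason: 'expired' };
  if (seenNonces.has(claims.nonce)) return { ok: false, reason: 'replayed' };
  seenNonces.add(claims.nonce);
  return { ok: true, user: claims.user };
}
```

Because the ticket expires within a minute and is accepted once, a value captured from page source or a log cannot be reused the way a long-lived broker password embedded in the JS could.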

