[rabbitmq-discuss] Message routing
matthias at lshift.net
Thu Nov 29 07:40:19 GMT 2007
Martin Sustrik wrote:
> When client calls and requests access to some service the only thing you
> have to do is to grant him necessary privileges to bind to the specific
> exchange. I don't know how this can be done using RabbitMQ. *Question
> for RabbitMQ team!*
Exchanges and queues belong to realms. Realms can be created using the
rabbitmqctl admin tool - see
http://www.rabbitmq.com/admin-guide.html#add_realm. The realm of an
exchange/queue is determined at the time of their creation.
Publishing to an exchange requires the user to have 'write' access to
the exchange's realm. This can be granted with the rabbitmqctl admin
tool - see http://www.rabbitmq.com/admin-guide.html#set_permissions.
So far so good.
However, binding a queue to an exchange requires the user to have
'active' access to the *queue*'s realm. The AMQP 0-8 spec says nothing
about the exchange's realm in this context.
So there doesn't appear to be a way to restrict queue-exchange bindings.
Also, the concept of realms is being revamped/removed(?) in AMQP 0-10.
More information about the rabbitmq-discuss