[rabbitmq-discuss] STOMP Authentication Idea

Nemanja Stefanovic nemik at nemik.net
Thu Apr 23 23:01:17 BST 2009


Hello,

I just wanted to contribute some code I recently changed if anyone needs it.
We have a use-case where I'm using STOMP with RabbitMQ's STOMP adapter and
Orbited to push updates to a browser, or maybe even allow clients to connect
to the STOMP server, not sure yet. Anyway, we need to ensure that only
certain users get pushed certain content, hence authentication.

The way I have this working is: client connects to STOMP with a generic
just-TLD cookie (so it can be passed also to STOMP server which would run on
another subdomain) and Orbited's io.js can read the cookie and send it up to
the STOMP adapter as a 'cookie' header. It (the JS) also generates a random
ID for the queue-name for that connection. This is all assuming I have 1
queue per connection as per the broadcast-style suggestion for STOMP
adapter.

So now the STOMP adapter reads that cookie header and hits a page using
http:request (via inets) with that cookie and passes in the queue name too.
The web-app will recognize the cookie as belonging to a user and read the
queue name. It (the web-app) will then set the appropriate bindings for that
user. Since this is a topic exchange, the bindings would be for the topic
updates the user will receive on her browser. If there is no cookie or the
cookie is invalid, the web-app can take care of all that and just assign
some default bindings for guests.

This is all working pretty well, except that I have to start 'inets:start()'
manually in the erl command prompt. I was wondering how could I get this to
be done on startup when the STOMP adapter starts?

I've attached the code and a diff (based on the tip of STOMP adapter from
hg). Right now the URL is hardcoded but I plan to make that more
configurable later.

Anyway, I hope maybe it can be of some use to someone who might need similar
functionality.

-Nemanja
-------------- next part --------------
A non-text attachment was scrubbed...
Name: auth.diff
Type: application/octet-stream
Size: 2616 bytes
Desc: not available
Url : http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20090423/06ae049a/attachment.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rabbit_stomp.erl
Type: application/octet-stream
Size: 25468 bytes
Desc: not available
Url : http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20090423/06ae049a/attachment-0001.obj 
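
The web-app side of the flow described in the message above, as an added example that is not part of the original post or its attachments. The HMAC-signed cookie format, the key, the binding tables, the queue-name pattern and all function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import re

# All names and values here are assumptions for this sketch, not from the post.
SESSION_KEY = b"constructed-demo-key"   # constructed; keep the real key in a secret store
GUEST_BINDINGS = ["public.#"]           # default topic patterns for guests (constructed)
USER_BINDINGS = {                       # constructed per-user topic patterns
    "alice": ["public.#", "user.alice.#", "team.ops.*"],
}
# The queue name is generated by browser JS, so treat it as untrusted input.
QUEUE_NAME_RE = re.compile(r"^[A-Za-z0-9_-]{16,64}$")


def sign_session(user):
    """Build the cookie value 'user.hexmac' that the web-app would set at login."""
    mac = hmac.new(SESSION_KEY, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{mac}"


def user_from_cookie(cookie):
    """Return the user name for a valid cookie, or None if missing or invalid."""
    if not cookie or "." not in cookie:
        return None
    user, _, mac = cookie.rpartition(".")
    expected = hmac.new(SESSION_KEY, user.encode(), hashlib.sha256).hexdigest()
    # compare_digest avoids leaking how many leading characters matched.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    return user if user in USER_BINDINGS else None


def bindings_for(cookie, queue_name):
    """Decide which topic patterns to bind to queue_name for this connection.

    Returns (queue_name, patterns). Raises ValueError on a malformed queue name
    so the caller can refuse the connection instead of binding an arbitrary queue.
    """
    if not isinstance(queue_name, str) or not QUEUE_NAME_RE.fullmatch(queue_name):
        raise ValueError("rejected queue name")
    user = user_from_cookie(cookie)
    # Missing, forged or unknown cookies fall back to the guest bindings.
    patterns = USER_BINDINGS[user] if user else GUEST_BINDINGS
    return queue_name, list(patterns)
```

Because both the cookie header and the queue name arrive from the browser, the decision is made only from the verified cookie, and the queue name is accepted only if it matches the expected random-ID shape.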