[rabbitmq-discuss] Missing features making me look at moving off RabbitMQ

Christian Legnitto clegnitto at mozilla.com
Mon Nov 1 18:49:29 GMT 2010


On Nov 1, 2010, at 9:56 AM, Rob Harrop wrote:

>>>> -- Support custom authentication schemes <e.g. LDAP>
>> 
>> Spring Security and Spring Integration already work together (and LDAP
>> is a dime a dozen for Spring Security users), so Spring AMQP with
>> Spring Integration might provide a nice high-level wrapper for this.
> 
> I'm not sure this will quite address the issue. If the plan is to allow pluggable authentication for credentials supplied to the RabbitMQ broker, then the plug point will be in the broker, not in the client application.
> 
> I _think_ this is what Christian was getting at :)

Yep, talking about on the broker. I don't even use Java :-)

> 
>> 
>>>> -- Support message-level permissions
>>> That sounds like a pretty hard problem. Are there any messaging systems
>>> out there that do something close to what you need here?
>> 
>> Spring Security is pretty good for that kind of requirement also. We
>> could try it pretty soon once Spring AMQP and Spring Integration get
>> properly synched up (should be any time, now that Spring Integration
>> 2.0 is getting close to final).
> 
> I think this gets close but I'm not sure it's necessarily the whole solution. Using Spring Security, message  filtering can happen at the application-level, but I think Christian was talking more about RabbitMQ not sending message to certain consumers at all.
> 
> In this case, I'm imagining the idea is to have permissions controlling which RabbitMQ users can see which messages. The broker will then only deliver messages to consumers where the authenticated user is allowed to see the messages.

Exactly. Specifically for the Bugzilla message case, if a comment is marked private I want the "comment changed" message to only be vended to consumers who have authenticated with a user who can see private comments. I also only want the matching "bug changed" message to be visible to those people as well. If I have everything publishing to the same exchange the permissions are too coarse to allow this.

> 
>> Dave.
> 
> Rob
> 
>> _______________________________________________
>> rabbitmq-discuss mailing list
>> rabbitmq-discuss at lists.rabbitmq.com
>> https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
> 
> _______________________________________________
> rabbitmq-discuss mailing list
> rabbitmq-discuss at lists.rabbitmq.com
> https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss



More information about the rabbitmq-discuss mailing list