[rabbitmq-discuss] Authorization in RabbitMQ

Marek Majkowski majek04 at gmail.com
Mon Oct 4 14:20:44 BST 2010


On Sun, Oct 3, 2010 at 18:18, Ralf Kistner <ralf.kistner at gmail.com> wrote:
> For my application I have many users that need to publish messages.
> When processing messages, I need to validate that the user had
> permission to perform the requested operations.
>
> I could not find any way for the consumer of the message to determine
> the identity of the user that sent the message. Is this possible, or
> do I have to send kind of authorization token with every message?
>
> Currently I'm using STOMP for the connection to the clients. An
> alternative would be to create some middle layer between the clients
> and RabbitMQ. This middle layer could then automatically add
> authorization tokens to each message. Any comments on this? Would it
> be better to implement this middle layer as a plugin in RabbitMQ, or
> as a separate AMQP client?

Ralf,

I don't think STOMP adds any auth headers to messages. STOMP is
basically a very simple protocol, and should remain as simple as possible.

I'm not sure what setup you have, but can you just implement authentication
inside your application? Maybe a crypto signature that comes with the message?

Cheers,
  Marek


More information about the rabbitmq-discuss mailing list