[rabbitmq-discuss] Authenticating to Applications

Max Bridgewater max.bridgewater at gmail.com
Thu Feb 17 01:12:43 GMT 2011


Let's say I want to go with the built-in authentication mechanism and
I have an application running on top of RabbitMQ. Is there a way for
my application to know with certainty that a message is effectively
coming from a source A and not from B?

Even if A and B are authenticated, I don't find a way in the Java API
that tells me who sent the message. I was assuming that after
authentication, RabbitMQ would set the user-Id in BasicProperties.
Then, any attempt to temper with that ID would be detected by RabbitMQ
and the message discarded.

One solution at the application level would be to do it the HTTP way:
authenticate the user at the app level, create a sessionId or
correlation Id and ensure that all messages from the user have this
session Id. This, however, seems to me like reinventing something that
the messaging framework should already be doing.

Any idea?


More information about the rabbitmq-discuss mailing list