[rabbitmq-discuss] Read-only access to STOMP topic

Fri May 18 11:20:26 BST 2012

Clay,

Please can you tell us what version of RabbitMQ+ STOMP you are using?

My colleague (Matthias) pointed out that a receipt on an explicit
DISCONNECT in the publishers would be as effective, and rather cleaner
code. Please let us know if this helps.

Steve Powell
steve at rabbitmq.com
[wrk: +44-2380-111-528] [mob: +44-7815-838-558]

On 18 May 2012, at 10:53, Steve Powell wrote:

> Clay,
> 
> This looks like a bug (two people appear to have spotted this!), but
> while we investigate, you could try making the publishers ask for a
> receipt for the SEND. It is possible that terminating abruptly may
> interfere with the propagation of the last message.
> 
> Steve Powell
> steve at rabbitmq.com
> [wrk: +44-2380-111-528] [mob: +44-7815-838-558]
> 
> On 17 May 2012, at 16:28, Clay McClure wrote:
> 
>> Thanks Simon, that did the trick.
>> 
>> Now I'm trying to sort out why I'm seeing intermittent message loss. My subscribers are long-running processes that CONNECT and SUBSCRIBE once at start-up, so I don't think it's the same problem I've seen on the mailing list re: receipt headers. My publishers, however, are short-lived, ephemeral processes that CONNECT, SEND, and terminate. About 10% of the time these messages aren't making it to the subscribers. Does this sound like a known issue?
>> 
>> Thanks,
>> 
>> Clay
>> 
>> 
>> On Thu, May 17, 2012 at 6:25 AM, Simon MacMullen <simon at rabbitmq.com> wrote:
>> On 16/05/12 22:50, Clay McClure wrote:
>> Howdy,
>> 
>> Hi!
>> 
>> I would like to grant a user read-only access to a STOMP topic, while
>> granting another user read-write access to that same topic. In this
>> way, I can be assured that topic subscribers cannot also post messages
>> to the topic. I've tried using the following permissions:
>> 
>>    rabbitmqctl set_permissions read-only-user '.*' '^$' '.*'
>>    rabbitmqctl set_permissions read-write-user '.*' '.*' '.*'
>> 
>> which would, in my view, prevent the read-only-user from writing to
>> any topic.
>> 
>> Yes. But it also prevents them from writing to any *queue*. Try:
>> 
>> rabbitmqctl set_permissions read-only-user '.*' '^amq.gen.*$' '.*'
>> 
>> to allow them to write to (i.e. bind) the queue they created.
>> 
>> or
>> 
>> rabbitmqctl set_permissions read-only-user '^amq.gen.*$' '^amq.gen.*$' '.*'
>> 
>> to restrict what they can create, as well.
>> 
>> However, it seems that write permission is required to bind
>> to an exchange (http://www.rabbitmq.com/access-control.html),
>> 
>> Write permission is required to bind to an exchange as a *destination*, when using exchange-to-exchange bindings. The idea is that read permission means "bind so that I can read messages from" and write means "bind so that I can write messages to".
>> 
>> Cheers, Simon
>> 
>> 
>> so when
>> the read-only-user tries to SUBSCRIBE to the topic, we get:
>> 
>>    ACCESS_REFUSED - access to queue 'amq.gen-JUCwAsef2r336/
>> uzsYwAmA==' in vhost '/' refused for user 'read-only-user'
>> 
>> How can I grant read-only access to the topic?
>> 
>> Thanks,
>> 
>> Clay
>> _______________________________________________
>> rabbitmq-discuss mailing list
>> rabbitmq-discuss at lists.rabbitmq.com
>> https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
>> 
>> 
>> -- 
>> Simon MacMullen
>> RabbitMQ, VMware
>> 
>> 
>> 
>> -- 
>> Clay McClure
>> Management & Booking
>> Effective Entertainment LLC
>> 404-314-1351
>> 
>> 
>> _______________________________________________
>> rabbitmq-discuss mailing list
>> rabbitmq-discuss at lists.rabbitmq.com
>> https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
> 
> _______________________________________________
> rabbitmq-discuss mailing list
> rabbitmq-discuss at lists.rabbitmq.com
> https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss