[rabbitmq-discuss] Rabbitmq custom plugin authorization

• Previous message: [rabbitmq-discuss] Rabbitmq custom plugin authorization
• Next message: [rabbitmq-discuss] Can't create queues
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi, Prabodh:

For my next phase, I need to integrate with the external system and control
> authorization.  First thing I need to do is control users from creating
> temporary queue with only certain filter criteria.  i.e. allow logged in
> user to create a queue based on filter key *.warning.  This user will not
> have permission to create a queue with *.error tag.  How can I control
> that?
>

To handle such checks you'll have to implement an "authorization backend"
by implementing the 'rabbit_auth_backend' Erlang behaviour.

The behaviour in question is pretty simple, exposing only
check_user_login/2, check_vhost_access/2 and check_resource_access/2.  The
last of these three is where you will want to implement your logic for
enforcing what operations a user can perform on which resources.

If you want some example code to look at, check out the source for the
RabbitMQ broker itself, which implements the above behaviour, with checks
against an Mnesia-based database of users and permissions, in the file
rabbit_auth_backend_internal.erl; the Mnesia/database stuff there is likely
not directly relevant to your application but you can get a sense for the
sorts of work you'll need to do to get what you want working.

Best regards,
Jerry
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20130227/645aca2b/attachment.htm>

• Previous message: [rabbitmq-discuss] Rabbitmq custom plugin authorization
• Next message: [rabbitmq-discuss] Can't create queues
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]