[rabbitmq-discuss] custom exchange checking auth user
Dmitry Andrianov
dmitry.andrianov at alertme.com
Mon Jun 23 09:37:29 BST 2014
Matthias,
we actually using that thing already - client sets the user ID property
and server rejects a message if it does not match the actual auth user.
However, I did read it as that setUserId call being optional - it is up
to the client to set it. And if client does not set it, no validation is
performed.
So how do I prevent messages without an user id from being accepted?
If I need a custom exchange type or exchange decorator - it does not
really makes life much easier.
Also, as I said, there was an idea to automatically add a header with
client's IP address to each incoming message.
However after playing with custom exchange, I can see that its route
call is not the place for it anyway, so we are back to square one with
this specific idea.
Thanks
On 20/06/14 23:53, Matthias Radestock wrote:
> On 20/06/14 15:45, Dmitry Andrianov wrote:
>> So we do not trust AMQP headers we receive from the client but we do
>> trust the SSL certificate and we do trust AQMP headers after the message
>> came through the first Rabbit and was verified.
>
> Would https://www.rabbitmq.com/validated-user-id.html help, perhaps?
>
> Matthias.
>
This email is for the use of the intended recipient(s) only.
If you have received this email in error, please notify the sender immediately and then delete it.
If you are not the intended recipient, you must not use, disclose or distribute this email without the
author's prior permission. AlertMe.com Ltd. is not responsible for any personal views expressed
in this message or any attachments that are those of the individual sender.
AlertMe.com Ltd, 30 Station Road, Cambridge, CB1 2RE, UK.
Registered in England, Company number 578 2908, VAT registration number GB 895 9914 42.
More information about the rabbitmq-discuss
mailing list