[rabbitmq-discuss] custom exchange checking auth user

Dmitry Andrianov dmitry.andrianov at alertme.com
Mon Jun 23 09:37:29 BST 2014

we actually using that thing already - client sets the user ID property 
and server rejects a message if it does not match the actual auth user.
However, I did read it as that setUserId call being optional - it is up 
to the client to set it. And if client does not set it, no validation is 
So how do I prevent messages without an user id from being accepted?
If I need a custom exchange type or exchange decorator - it does not 
really makes life much easier.

Also, as I said, there was an idea to automatically add a header with 
client's IP address to each incoming message.
However after playing with custom exchange, I can see that its route 
call is not the place for it anyway, so we are back to square one with 
this specific idea.


On 20/06/14 23:53, Matthias Radestock wrote:
> On 20/06/14 15:45, Dmitry Andrianov wrote:
>> So we do not trust AMQP headers we receive from the client but we do
>> trust the SSL certificate and we do trust AQMP headers after the message
>> came through the first Rabbit and was verified.
> Would https://www.rabbitmq.com/validated-user-id.html help, perhaps?
> Matthias.

This email is for the use of the intended recipient(s) only.
If you have received this email in error, please notify the sender immediately and then delete it.
If you are not the intended recipient, you must not use, disclose or distribute this email without the
author's prior permission. AlertMe.com Ltd. is not responsible for any personal views expressed
in this message or any attachments that are those of the individual sender.

AlertMe.com Ltd, 30 Station Road, Cambridge, CB1 2RE, UK.
Registered in England, Company number 578 2908, VAT registration number GB 895 9914 42.

More information about the rabbitmq-discuss mailing list