[rabbitmq-discuss] custom exchange checking auth user

Matthias Radestock matthias at rabbitmq.com
Thu Jun 26 18:00:09 BST 2014


On 23/06/14 09:37, Dmitry Andrianov wrote:
> we actually using that thing already - client sets the user ID property
> and server rejects a message if it does not match the actual auth user.
> However, I did read it as that setUserId call being optional - it is up
> to the client to set it. And if client does not set it, no validation is
> performed.
> So how do I prevent messages without an user id from being accepted?

You can't, though your consuming applications could drop such messages.

> If I need a custom exchange type or exchange decorator - it does not
> really makes life much easier.

It would be quite straightforward to write an exchange type or decorator 
that drops messages which do not have the user-id header. Or rejects 
them with some amqp error.

That may not be the ideal solution but can be done now, without 
requiring any changes to rabbit's APIs.


More information about the rabbitmq-discuss mailing list