[rabbitmq-discuss] custom exchange checking auth user
Matthias Radestock
matthias at rabbitmq.com
Thu Jun 26 18:00:09 BST 2014
Dmitry,
On 23/06/14 09:37, Dmitry Andrianov wrote:
> we actually using that thing already - client sets the user ID property
> and server rejects a message if it does not match the actual auth user.
> However, I did read it as that setUserId call being optional - it is up
> to the client to set it. And if client does not set it, no validation is
> performed.
> So how do I prevent messages without an user id from being accepted?
You can't, though your consuming applications could drop such messages.
> If I need a custom exchange type or exchange decorator - it does not
> really makes life much easier.
It would be quite straightforward to write an exchange type or decorator
that drops messages which do not have the user-id header. Or rejects
them with some amqp error.
That may not be the ideal solution but can be done now, without
requiring any changes to rabbit's APIs.
Matthias.
More information about the rabbitmq-discuss
mailing list