[rabbitmq-discuss] custom exchange checking auth user

Dmitry Andrianov dmitry.andrianov at alertme.com
Thu Jun 26 18:10:17 BST 2014

we did not want to do that kind of tests in the consuming applications 
because more consumers can be created later and copying that kind of 
check into each of them is error prone and is easy to be forgotten, 
especially by new team members. So we opted for the custom exchange type 
that just does not allow these messages into the system. And I do 
confirm no API changes were required :) - there are a few examples of 
custom exchanges on the internet. My only problem was Erlang :)

While we are there given that we have our custom exchange - how can we 
"enrich" a message with some data like client's IP?
(I know we are not supposed to touch the message according to AMQP 
standard, but we are not very standard already given three custom plugins)

Thank you.

On 26/06/14 18:00, Matthias Radestock wrote:
> Dmitry,
> On 23/06/14 09:37, Dmitry Andrianov wrote:
>> we actually using that thing already - client sets the user ID property
>> and server rejects a message if it does not match the actual auth user.
>> However, I did read it as that setUserId call being optional - it is up
>> to the client to set it. And if client does not set it, no validation is
>> performed.
>> So how do I prevent messages without an user id from being accepted?
> You can't, though your consuming applications could drop such messages.
>> If I need a custom exchange type or exchange decorator - it does not
>> really makes life much easier.
> It would be quite straightforward to write an exchange type or 
> decorator that drops messages which do not have the user-id header. Or 
> rejects them with some amqp error.
> That may not be the ideal solution but can be done now, without 
> requiring any changes to rabbit's APIs.
> Matthias.

This email is for the use of the intended recipient(s) only.
If you have received this email in error, please notify the sender immediately and then delete it.
If you are not the intended recipient, you must not use, disclose or distribute this email without the
author's prior permission. AlertMe.com Ltd. is not responsible for any personal views expressed
in this message or any attachments that are those of the individual sender.

AlertMe.com Ltd, 30 Station Road, Cambridge, CB1 2RE, UK.
Registered in England, Company number 578 2908, VAT registration number GB 895 9914 42.

More information about the rabbitmq-discuss mailing list