RabbitMQ + Web Stomp is awesome. However, I have some topics I would like to secure as read-only or write-only.
It seems the only mechanism to secure these is with rabbitmqctl. I can create a vhost, a user and then apply some permissions. However, this is where the Stomp and Rabbit implementation starts to break down.
Topics take the form /topic/blah in STOMP, which routes to "amq.topic" in Rabbit with a routing key "blah". It would seem there is no way to set permissions for the routing key. It seems:
rabbitmqctl set_permissions -p vhost user ".*" ".*" "^amq\.topic"
is the best I can do, which is still "ALL" topics. I've looked into exchanges as well, but there is no way in JavaScript to define these on the fly.
Am I missing something here?
Reference: http://www.rabbitmq.com/blog/2012/05/14/introducing-rabbitmq-web-stomp/
Try this: https://github.com/simonmacmullen/rabbitmq-auth-backend-http It's much more flexible. Basically it's a small auth plugin for Rabbit that delegates ACL decisions to a script over HTTP (of which you have total control), which only has to reply with "allow" or "deny".
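One way to write the script this answer describes, as an added example that is not part of the original answer or the plugin's own code. It assumes the request parameters (username, password, vhost, resource, name, permission, routing_key) and the separate topic path of the current rabbitmq_auth_backend_http plugin; the /auth/... paths, users, passwords and routing-key rules are constructed.

```python
import hmac
import re
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

# Constructed policy: per-user routing-key regexes on amq.topic.
ACL = {
    "dashboard": {"password": "example-pw-1", "read": [r"prices\..+"], "write": []},
    "sensor": {"password": "example-pw-2", "read": [], "write": [r"telemetry\.s1"]},
}

def decide(path, params):
    """Return 'allow' or 'deny' for one authorization request."""
    user = ACL.get(params.get("username", ""))
    if user is None:
        return "deny"
    if path == "/auth/user":
        supplied = params.get("password", "").encode()
        return "allow" if hmac.compare_digest(supplied, user["password"].encode()) else "deny"
    if path == "/auth/vhost":
        return "allow" if params.get("vhost") == "/" else "deny"
    if path == "/auth/resource":
        # Subscription queues are allowed; the only exchange is amq.topic,
        # and nobody may configure (declare/delete) it.
        if params.get("resource") == "queue":
            return "allow"
        ok = params.get("name") == "amq.topic" and params.get("permission") in ("read", "write")
        return "allow" if ok else "deny"
    if path == "/auth/topic":
        # Per-routing-key decision: the part set_permissions cannot express.
        perm = params.get("permission")
        if params.get("name") != "amq.topic" or perm not in ("read", "write"):
            return "deny"
        key = params.get("routing_key", "")
        return "allow" if any(re.fullmatch(p, key) for p in user[perm]) else "deny"
    return "deny"  # unknown path: fail closed

class AuthHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        url = urlparse(self.path)
        params = {k: v[0] for k, v in parse_qs(url.query).items()}
        body = decide(url.path, params).encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8000), AuthHandler).serve_forever()
```

Here "dashboard" can only subscribe to prices.* keys and "sensor" can only publish to telemetry.s1; any request the policy does not name is denied.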
Yes, with RabbitMQ-WebStomp you're pretty much limited to the normal RabbitMQ permission set. It's not ideal, but you should be able to get a basic permission setup right. Take a look at the RabbitMQ docs:
http://www.rabbitmq.com/access-control.html
Quickly looking at the stomp docs:
http://www.rabbitmq.com/stomp.html
Yes, you can't set up permissions for a particular routing key. Maybe you should use the 'exchange' semantics, plus bind an exchange with a queue explicitly (i.e. don't use topics):
/exchange/exchange_name[/routing_key].
Please do ask concrete questions about RMQ permissions on the rabbitmq-discuss mailing list. People there are really helpful.
Unfortunately, the RMQ permission set is not enough for some more complex scenarios. In this case you may want to: