RabbitMQ + Web Stomp and Security

Question

RabbitMQ + Web Stomp and Security

RabbitMQ + Web Stomp is awesome. However, I do have some topics that I would like to protect as read-only or write-only.

It seems the only mechanism that provides them is with rabbitmqctl. I can create vhost user and then apply some permissions. However, this is where the implementation of Stomp and Rabbit begins to break down.

topics take the form: / topic / blah in stomp, which goes to "amq.topic" in Rabbit with the routing key "blah". It would seem that there is no way to set permissions for a routing key. It seems:

rabbitmqctl set_permissions -p vhost user ".*" ".*" "^amq\.topic"

- The best I can do is still ALL topics. I also studied exchanges, but in javascript there is no way to define them on the fly.

Did I miss something?

Link: http://www.rabbitmq.com/blog/2012/05/14/introducing-rabbitmq-web-stomp/

+5

javascript rabbitmq stomp

jbg Sep 04 '12 at 12:31

source share

2 answers

https://github.com/simonmacmullen/rabbitmq-auth-backend-http . Google , ACL- script http ( ), "" ""

+7

Ruslan Talpa 26 . '13 8:35

Marek · Accepted Answer · 2012-09-05T11:12:32+0000

Yes, with RabbitMQ-WebStomp you are pretty much limited to the installed RabbitMQ permissions. This is not ideal, but you should be able to get a basic setting of permissions. Take a look at the RabbitMQ docs:

http://www.rabbitmq.com/access-control.html

Quickly looking at the stomping documents:

http://www.rabbitmq.com/stomp.html

Yes, you cannot configure permissions for a specific routing key. Maybe you should use the semantics of the exchange, plus explicitly bind the exchange to the queue (i.e. do not use topics):

/ exchange / exchange_name [/ routing_key].

, RMQ rabbitmq-discuss. .

, RMQ . :

STOMP AJAX, .
web-stomp SockJS RabbitMQ. , .

RabbitMQ + Web Stomp and Security

More articles: