
RabbitMQ - access control: allow only exclusive/auto-delete queues

I am developing a typical SaaS product, where users can log in and do something.

The frontends are JS for web and Android for smartphones. The frontends should get a notification when something has been updated, so they can refresh their views. I am thinking about using RabbitMQ for this purpose.

My proposal is that each user has its own exchange. When something interesting happens for a user, a message is sent to his exchange. Next, when the frontend logs in, it can create an exclusive/auto-delete queue, bound to his exchange. So, each frontend session has its own exclusive/auto-delete queue. Therefore, a notification will be retrieved by all active/online frontends, since each of them has its own private queue, which is the expected behavior.

Now to my question: how can I prevent a frontend from declaring other kinds of (possibly durable) queues? The frontend should only be allowed to create its own exclusive/auto-delete queue, nothing more. I read through the documentation ( https://www.rabbitmq.com/access-control.html ), but that does not seem to be directly supported?

You can use the rabbitmq_auth_backend_http community plugin and then build your own custom web app which RabbitMQ will call to authorize each request. The web app is very simple; it only needs to implement three endpoints and can be written in any language you choose.

More information can be found here: https://github.com/rabbitmq/rabbitmq-auth-backend-http There's also a Django app in the examples folder that you can customize to support your unique requirements.

Also, you can use a single Topic exchange for all your users. Each user can have a unique queue bound to that topic exchange, so that all messages with the user's key will be sent to their queue via the exchange. You can use your custom authorization API to make sure users only publish and subscribe to queues that they are authorized for, since the authorization web app is aware of the topic key a user is trying to publish a message to.
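
One way to write the resource check that such a web app answers, as an added example that is not part of the original answer or the plugin's own code. The `/auth/resource` path, the `session.<user>.` and `user.<user>` naming scheme, the `/` vhost and the POST method are assumptions; the check receives only username, vhost, resource, name and permission, so it restricts queues by name and cannot see whether a queue was declared exclusive, auto-delete or durable.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs

# Assumed convention (not from the post): user "alice" binds to exchange
# "user.alice" and may only touch queues named "session.alice.<id>".
VHOST = "/"

def authorize_resource(p):
    """Decide one resource check; p holds the form fields the plugin sends:
    username, vhost, resource, name, permission."""
    user, name = p.get("username", ""), p.get("name", "")
    # Reject usernames containing separators, which could make one user's
    # prefix match another user's queues (e.g. "a" vs "a.b").
    if not user.isalnum() or p.get("vhost") != VHOST:
        return "deny"
    if p.get("resource") == "queue":
        prefix = f"session.{user}."
        # declare/delete need configure, bind needs write, consume needs read
        ok = name.startswith(prefix) and len(name) > len(prefix)
        allowed = ("configure", "write", "read")
        return "allow" if ok and p.get("permission") in allowed else "deny"
    if p.get("resource") == "exchange":
        # Binding needs read on the exchange; no declare and no publish.
        ok = name == f"user.{user}" and p.get("permission") == "read"
        return "allow" if ok else "deny"
    return "deny"  # unknown resource kinds fail closed

class Handler(BaseHTTPRequestHandler):
    def do_POST(self):  # assumes the plugin is configured to use POST
        length = int(self.headers.get("Content-Length", 0))
        form = {k: v[0] for k, v in parse_qs(self.rfile.read(length).decode()).items()}
        # Only the resource check is shown; the user and vhost checks are
        # omitted here and fail closed.
        verdict = authorize_resource(form) if self.path == "/auth/resource" else "deny"
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(verdict.encode())

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8000), Handler).serve_forever()
```

Because the queue flags are not visible to the check, a durable queue under the user's own prefix would still be allowed; the name restriction limits where a frontend can declare, not how.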
