Is there any way to connect to rabbitmq without rabbit server username and password on javascript.
I don't wanna use this unsecure way
var client = Stomp.overWS('ws://localhost:61614/stomp');
client.connect(login, passcode, connectCallback);
Asked
Active
Viewed 1,370 times
1 Answers
3
At some level, the stomp connection will require a username/password. The way to secure the connection is to create a special limited RabbitMQ user with the minimum set of permissions required. You can see details of the permissions options on the RabbitMQ ACL page.
Additionally, if you don't want to pass a username/password from the stomp client, you can set a "default user" which is used with an anonymous stomp connection. See the "Default User" section of the RabbitMQ STOMP page.
However, be aware that while you aren't passing a username/password from the client, the client will still have all the permissions on the RabbitMQ broker that the "default user" has.
lsowen
- 3,728
- 1
- 21
- 23
-
First, thanks for your answer, if i made all user as guest user then i have another problem. I need authentication for user does not be able to subscribe another user's queue or exchange. I mean client connect to rabbitmq server (to your answer as a guest user) then subscribe to an exchange via routing key. I need to check is this user can be able to subscribe with this routing key. How can i fixed this problem. – V.B. Apr 07 '15 at 22:29
-
@V.B.it is a "default user", which should not be the same as the user with the `guest` username. Instead, it would be a user with a different username and specifically assigned permissions. However, you can only have one "default user", so I'm not sure it would work in your case. Is there a reason you can't create one user per stomp user with very limited permissions? Then you could connect as that user (with `client.connect(username, password, connectCallback)`), but because the user only has limited permissions, it wouldn't matter that the end user knew the username/password. – lsowen Apr 07 '15 at 22:56