This plugin checks authorizations on routing keys. It can be used with internally-defined ACLs, as well as external authorization plugins (e.g. rabbitmq-auth-backend-http).
This plugin targets RabbitMQ 3.6.0 and later versions.
Check https://github.com/airboxlab/rabbitmq-topic-authorization/releases page
To use this plugin you will have to build RabbitMQ from master and then build the plugin against it, since it depends on a new interceptors API that's not yet available on the 3.5.x series.
Follow plugin development instructions: http://www.rabbitmq.com/plugin-development.html.
Just enable the plugin with the following command:
rabbitmq-plugins enable rabbitmq_topic_authorizationThe plugin will then hook into the basic.publish, exchange.bind, exchange.unbind, queue.bind and queue.unbind processes in order to
check current user authorizations against related routing key.
If you're using rabbitmq-auth-backend-http plugin, you will get a call to the resource/ end point with ?resource=routing_key&name=<routing key definition>
The plugin hooks into the basic.publish, exchange.bind and queue.bind paths, so there could be a significant performance impact, especially when using external authentication mechanisms (e.G. ldap or http auth plugins). It uses a channel-scoped cache to reduce latency.
See the LICENSE file