Fetching user info in RPC

Dhavan V

unread,

Jul 12, 2018, 6:59:34 AM7/12/18

to rabbitmq-users

Hello!

I want to apply some criteria based on the logged in user while handling
RPCs.

For example, while fetching data from db, the queries would have a
filter based on the user's ID. When the RPC server receives the request,
where should it look for to get the user information?

I am using https://github.com/rabbitmq/rabbitmq-auth-backend-amqp for
authentication and authorization.
--
Dhavan V

Michael Klishin

unread,

Jul 12, 2018, 4:47:13 PM7/12/18

to rabbitm...@googlegroups.com

From [1]:

> Authentication requests will be packed into the headers of incoming messages.

1. https://github.com/rabbitmq/rabbitmq-auth-backend-amqp

--
Dhavan V

--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-users+unsubscribe@googlegroups.com.
To post to this group, send an email to rabbitmq-users@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

MK

Staff Software Engineer, Pivotal/RabbitMQ

Dhavan V

unread,

Jul 13, 2018, 1:08:07 AM7/13/18

to rabbitmq-users

I understand that _while authenticating_ the headers contain the data.

I want to know the user when the requests are being handled.

Okay, now I see where I caused the confusion. Sorry, let me clarify.

Scenario:

A user wants to fetch list of friends (arbitrary example).

User makes an RPC to fetch the list.

AMQP plugin authenticates and authorizes the user.

RPC server receives the message.

Now, here is where the RPC server has to know who the user is, so that while making a database query to fetch the list of friends, it can apply filters.

Does this make the question clearer?

On Friday, July 13, 2018 at 2:17:13 AM UTC+5:30, Michael Klishin wrote:

From [1]:

> Authentication requests will be packed into the headers of incoming messages.

1. https://github.com/rabbitmq/rabbitmq-auth-backend-amqp

On Thu, Jul 12, 2018 at 1:59 PM, Dhavan V <dha...@oviyum.com> wrote:

Hello!

I want to apply some criteria based on the logged in user while handling
RPCs.

For example, while fetching data from db, the queries would have a
filter based on the user's ID. When the RPC server receives the request,
where should it look for to get the user information?

I am using https://github.com/rabbitmq/rabbitmq-auth-backend-amqp for
authentication and authorization.

--
Dhavan V

--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.

To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-user...@googlegroups.com.
To post to this group, send an email to rabbitm...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Michael Klishin

unread,

Jul 13, 2018, 12:32:33 PM7/13/18

to rabbitm...@googlegroups.com

Authentication happens once for every connection, so there is only up to two requests to the backend for that.

For subsequent operations there will be *authorization* requests unless caching [1] is enabled.

1. https://github.com/rabbitmq/rabbitmq-auth-backend-cache

To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-users+unsubscribe@googlegroups.com.
To post to this group, send email to rabbitmq-users@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Dhavan V

unread,

Jul 15, 2018, 11:28:09 PM7/15/18

to rabbitmq-users

I think it still doesn't answer my question.

I am not looking for user info in RabbitMQ server, I am talking about the client which listens to an RPC queue: `rpc_server.py` in the example of https://www.rabbitmq.com/tutorials/tutorial-six-python.html

I will re-iterate, that when I am saying RPC in this context, I am not talking about the RPC made by AMQP Auth plugin. It is the setup as shown in the 6th tutorial (linked above).

The user is authenticated and authorized by the AMQP plugin - this process of sending two RPCs is finished. My question is not about it. Check the scenario I have described in the last post.

If you think your message answers this very question, then I am sorry, can you please elaborate further?

To post to this group, send email to rabbitm...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Luke Bakken

unread,

Jul 16, 2018, 6:40:50 PM7/16/18

to rabbitmq-users

Hi Dhavan,

You need to provide the user information as part of the message body or headers. RabbitMQ won't normally pass the authentication information on to consumers of the RPC message (i.e. the "RPC server" in your case).

But, the validated user ID feature may be what you're looking for:

https://www.rabbitmq.com/validated-user-id.html

It looks like if you set the user-id message property to the user that opened the connection it will be validated by the server and passed to consumers. I have verified that this works as described using this code:

https://gist.github.com/lukebakken/b1935b0ebae7b5c5a1762cd43e3a5bb7

Thanks,

Luke

Dhavan V

unread,

Jul 17, 2018, 1:36:28 AM7/17/18

to rabbitmq-users

Thanks a lot, this seems to be the option I was looking for.

Thanks!

Reply all

Reply to author

Forward