Question

I am working on power monitoring and want to send live power data to authorised users only. Some users have opted to install power sensors in their houses, others are viewing those sensors. Each sensor sends samples to a Twisted backend - the goal is to have this backend forward the data to JavaScript running in the browser.

My current solution to forwarding the data is an Orbited server and an instance of MorbidQ (MorbidQ is a Stomp server). Each building in my system (example here) has its own channel for updates. The Twisted backend broadcasts the data through the MorbidQ channel to anyone watching, but anyone can watch. There is an entry on my blog about the data flow from sensor to site.

For many buildings, I only want a couple of users to be able to see live data in a given building. I would like to use Django Auth if possible, or some sort of workaround if not.

What is the easiest way to secure these channels per user? Can I use Django Auth? Should I use RabbitMQ or ActiveMQ instead of MorbidQ? What measures can I take to keep this solution secure?

For coding I am most confident in C++ and Python.

Thanks!


Solution

If you use the RestQ extensions for MorbidQ, you can have it send an HTTP callback to your application every time the user attempts to connect. (See http://www.morbidq.com/trac/wiki/RestQ.) Your Django app can then just return yes or no to the connect attempt (after it runs through some auth procedure).
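Added example, not part of the original answer and not RestQ's or the asker's own code: a deny-by-default decision function of the kind the Django side of such a callback could run. The callback parameter names (`sessionid`, `destination`), the `/topic/building/<id>` naming scheme, the literal `yes`/`no` reply strings and all sample data are assumptions; the page does not show RestQ's actual payload format.

```python
import re

# Assumed naming scheme: one STOMP destination per building.
DEST_RE = re.compile(r"/topic/building/([0-9]{1,9})")

# Constructed sample data. In a Django app these would come from the session
# store and from a model linking auth users to buildings.
SESSIONS = {"s-alice": "alice", "s-carol": "carol"}
BUILDING_VIEWERS = {17: {"alice", "bob"}, 42: {"carol"}}
PUBLIC_BUILDINGS = {3}


def building_from_destination(destination):
    """Return the building id, or None unless the whole string is well-formed."""
    if not isinstance(destination, str):
        return None
    # fullmatch rejects wildcards, extra path segments and a trailing newline,
    # which a "^...$" pattern with match() would let through.
    m = DEST_RE.fullmatch(destination)
    return int(m.group(1)) if m else None


def authorize(username, destination):
    """Deny by default: only a known user on that building's list may watch."""
    building = building_from_destination(destination)
    if building is None:
        return False
    if building in PUBLIC_BUILDINGS:
        return True
    if not username:
        return False
    return username in BUILDING_VIEWERS.get(building, set())


def handle_callback(params, session_lookup=SESSIONS.get):
    """Turn the broker's callback parameters into the yes/no reply."""
    # Identity comes from the server-side session, never from a username
    # field the browser could set itself.
    username = session_lookup(params.get("sessionid"))
    return "yes" if authorize(username, params.get("destination")) else "no"


if __name__ == "__main__":
    for p in ({"sessionid": "s-alice", "destination": "/topic/building/17"},
              {"sessionid": "s-carol", "destination": "/topic/building/17"},
              {"sessionid": None, "destination": "/topic/building/3"},
              {"sessionid": "s-alice", "destination": "/topic/building/*"}):
        print(p, "->", handle_callback(p))
```

The check only helps if the broker consults it for every subscribe as well as every connect; a callback that fires on connect alone leaves a connected user free to pick any channel.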

OTHER TIPS

Reviving an old thread: MorbidQ is not meant for production use AFAIK. ActiveMQ is a much more robust beast and provides much better ways to handle user-based authentication. I wrote this back in 2010 which deals with static user authentication - but ActiveMQ allows you to pass a dynamic list of users for authentication, which can come from whichever backend the application has available. The post I mentioned above does not deal with it, but a little digging into the ActiveMQ authentication/security manual section (plus some Java knowledge) can enable a pretty nasty setup for such use. If LDAP is available, even better.

Licensed under: CC-BY-SA with attribution