0
votes

I'm looking for a way to limit user access only to dedicated topics e.g.:

user1 should have access only to user1/# topics, so he can subscribe/publish to user1/sensor/1 or user1/conf/mode, but not user2/sensor/2, etc.

Analogously, user2 should have access only to user2/# with all sub-topics.

I can do it in the eMQTT broker by using ACL settings, but I can't find anything similar in RabbitMQ. I already use AMQP in my project, so I'd like to avoid installing an additional eMQTT broker, especially when RabbitMQ can support MQTT.

2 Answers

1
votes

From what I can tell, topic-based authentication is a work in progress for RabbitMQ. Take a look at these two discussions for more context:

https://github.com/rabbitmq/rabbitmq-server/issues/505

https://github.com/rabbitmq/rabbitmq-mqtt/issues/95

Looks like it will be included in a future release but, from a quick skim of the changelog, it appears to not have been implemented yet.

I haven't used it, but Antoine Galataud's topic authorization plugin looks like it might provide you with an interim solution until an official one exists: https://antoine-galataud.github.io/messaging/rabbitmq/mqtt/stomp/authorization/2015/10/15/rabbit-topic-auth.html

0
votes

We already implemented it and have this in production. We use the IBM IMA message broker, with a {groupId} placeholder in the topic. You can link this {groupId} in IMA with an external LDAP.

I would suggest working with the RabbitMQ broker documentation and checking the security features they support.
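
The per-user rule from the question (user1 limited to user1/#), written out as the check an authorization hook would apply to each publish and subscribe request. This is an added example, not code from RabbitMQ, eMQTT or any plugin mentioned on this page; the function names and the rule "first topic level must equal the username" are assumptions.

```python
# Added example: per-user MQTT topic ACL check (not RabbitMQ or eMQTT code).
# Assumed rule, taken from the question: a user may only use <username>/#.

def is_valid_filter(levels: list[str]) -> bool:
    """'#' is only legal as the last level; wildcards must fill a whole level."""
    for i, level in enumerate(levels):
        if level == "#":
            if i != len(levels) - 1:
                return False
        elif level != "+" and ("#" in level or "+" in level):
            return False
    return True

def is_allowed(username: str, action: str, topic: str) -> bool:
    """True if `username` may 'publish' or 'subscribe' on `topic`."""
    # A username containing separator or wildcard characters could never be
    # compared safely against a topic level, so refuse it outright.
    if not username or any(c in username for c in "/+#"):
        return False
    if not topic:
        return False
    levels = topic.split("/")
    if action == "publish":
        # Topic names used for publishing must not contain wildcards.
        if any("+" in lvl or "#" in lvl for lvl in levels):
            return False
    elif action == "subscribe":
        if not is_valid_filter(levels):
            return False
    else:
        return False
    # Compare the whole first level, not a string prefix: "user1" must not
    # match "user10/...". A wildcard first level ("#", "+/sensor/1") would
    # span other users' trees and fails this comparison as well.
    return levels[0] == username

if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        ("user1", "publish", "user1/sensor/1"),
        ("user1", "subscribe", "user1/#"),
        ("user1", "publish", "user2/sensor/2"),
        ("user1", "subscribe", "+/sensor/1"),
        ("user1", "publish", "user10/sensor/1"),
    ]
    for user, action, topic in samples:
        print(user, action, topic, "->", is_allowed(user, action, topic))
```

The subscribe path is where such rules usually leak: a filter like `#` or `+/conf/mode` names no other user explicitly but still matches their topics, so the check has to be made on the filter itself rather than on delivered topic names.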