diff --git a/deps/rabbitmq_auth_backend_http/README.md b/deps/rabbitmq_auth_backend_http/README.md index a4a5d6b81b..3ad7538bb7 100644 --- a/deps/rabbitmq_auth_backend_http/README.md +++ b/deps/rabbitmq_auth_backend_http/README.md @@ -5,72 +5,58 @@ authentication (determining who can log in) and authorisation (determining what permissions they have) by making requests to an HTTP server. -As with all authentication plugins, this one requires rabbitmq-server +As with all [authentication plugins](http://rabbitmq.com/access-control.html), this one requires RabbitMQ server 2.3.1 or later. Note: it's at an early stage of development, although it's conceptually very simple. -# Downloading +## Downloading You can download a pre-built binary of this plugin from -http://www.rabbitmq.com/community-plugins.html. +the [Community Plugins page](http://www.rabbitmq.com/community-plugins.html). -# Building +## Building You can build and install it like any other plugin (see [the plugin development guide](http://www.rabbitmq.com/plugin-development.html)). This plugin depends on the Erlang client (just to grab a URI parser). -# Enabling the plugin +## Enabling the plugin To enable the plugin, set the value of the `auth_backends` configuration item for the `rabbit` application to include `rabbit_auth_backend_http`. `auth_backends` is a list of authentication providers to try in order. -So a configuration fragment that enables this plugin *only* would look like: +See the [Access Control guide](http://rabbitmq.com/access-control.html) for more information. -For `rabbitmq.conf`: +To use this backend exclusively, use the following snippet in `rabbitmq.conf` (currently +in master) auth_backends.1 = http -For `rabbitmq.config` (prior to 3.7.0) or `advanced.config`: +Or, in the classic config format (`rabbitmq.config`, prior to 3.7.0) or `advanced.config`: [{rabbit, [{auth_backends, [rabbit_auth_backend_http]}]}]. -to use only HTTP, or: - -For `rabbitmq.conf`: - - auth_backends.1 = http - auth_backends.2 = internal - -For `rabbitmq.config` (prior to 3.7.0) or `advanced.config`: - - [{rabbit, - [{auth_backends, [rabbit_auth_backend_http, rabbit_auth_backend_internal]}] - }]. - -to try the HTTP plugin first and then fall back to the internal database. - -See http://www.rabbitmq.com/configure.html#configuration-file for more detail +See [RabbitMQ Configuration guide](http://www.rabbitmq.com/configure.html) for more detail on `auth_backends`. -# Configuring the plugin +## Configuring the Plugin You need to configure the plugin to know which URIs to point at. -A minimal configuration file might look like: +Below is a minimal configuration file example. -For `rabbitmq.conf`: +In `rabbitmq.conf` (currently RabbitMQ master): auth_backends.1 = http http.user_path = http://some-server/auth/user http.vhost_path = http://some-server/auth/vhost http.resource_path = http://some-server/auth/resource -For `rabbitmq.config` (prior to 3.7.0) or `advanced.config`: +In the classic config format (`rabbitmq.config` prior to 3.7.0 or `advanced.config`): [ {rabbit, [{auth_backends, [rabbit_auth_backend_http]}]}, @@ -80,7 +66,7 @@ For `rabbitmq.config` (prior to 3.7.0) or `advanced.config`: {resource_path, "http://some-server/auth/resource"}]} ]. -# What must my web server do? +# What Must My Web Server Do? This plugin requires that your web server respond to requests in a certain predefined format. It will make GET requests against the URIs @@ -105,7 +91,7 @@ Note that you cannot create arbitrary virtual hosts using this plugin; you can o * `vhost` - the name of the virtual host containing the resource * `resource` - the type of resource (`exchange`, `queue`) * `name` - the name of the resource -* `permission` - the access level to the resource (`configure`, `write`, `read`) - see [the admin guide](http://www.rabbitmq.com/access-control.html) for their meaning +* `permission` - the access level to the resource (`configure`, `write`, `read`) - see [the Access Control guide](http://www.rabbitmq.com/access-control.html) for their meaning Your web server should always return HTTP 200 OK, with a body containing: @@ -114,13 +100,13 @@ containing: * `allow` - allow access to the user / vhost / resource * `allow [list of tags]` - (for `user_path` only) - allow access, and mark the user as an having the tags listed -# Debugging +## Debugging Check the RabbitMQ logs if things don't seem to be working properly. Look for log messages containing "rabbit_auth_backend_http failed". -# Example +## Example App (in Python) In `examples/rabbitmq_auth_backend_django` there's a very simple Django app that can be used for authentication. On Debian / Ubuntu you