With the auto configure for rabbitmq, currently it is not possible to set SaslConfig. Currently, it always uses the default one: Plain. Could this be enhanced?
Comment From: wilkinsona
What would you like to be able to set it to? One of the DefaultSaslConfig constants (PLAIN or EXTERNAL), your own implementation of SaslConfig, JDKSaslConfig possibly with some configured mechanisms, something else?
Comment From: ellac-sportsbet
Thanks for your quick response. As of now, I am only looking for setting it as one of the DefaultSaslConfig(more precisely, in some cases, I would like to set it to EXTERNAL). But customized implementation might be beneficial to other people as well?
Comment From: boettj3
We would need to setSaslConfig to DefaultSaslConfig.EXTERNAL in order to be able to do client certificate authentication with RabittMQ. At the moment this is preventing us from using spring-boot
Comment From: ellac-sportsbet
@jimbo1007 Not sure whether you have tried a work around like below in configuration class:
@PostConstruct
public void init() {
if (rabbitProperties.getSsl().isEnabled() && rabbitProperties.getSsl().getKeyStore() != null) {
cachingConnectionFactory.getRabbitConnectionFactory().setSaslConfig(DefaultSaslConfig.EXTERNAL);
}
}
Comment From: boettj3
I tried your workaround and it is working. Thank you for the help
Comment From: ayudovin
@wilkinsona, As far as I understand, you want to create RabbitConnectionFactoryBeanCustomizer interface. Implementations of this interface will be injected in RabbitAutoConfiguration and will customize RabbitConnectionFactoryBean, is it correct?
Comment From: wilkinsona
I'm not sure yet. This issue is assigned to 2.x so we've yet to look at it in detail. I think that some sort of customizer makes sense, but it's complicated a little here as the RabbitConnectionFactoryBean isn't exposed as a bean and is really an implementation detail. Therefore, I'm not sure that we want its use to become apparent via a customizer API.
There are a few options that I can see:
- Customise the
RabbitConnectionFactoryBean - Customise the
ConnectionFactorythat the factory bean creates - Customise the
CachingConnectionFactorythat wraps theConnectionFactory
Each has its advantages and disadvantages. We'll need to spend some time to decide which is the best of the 3, or if there's another option that I haven't thought of that would be better.
Comment From: bcollard
Hello,
It would be great to expose this property in the logging subsystems config (log4j & logback). Like adding a sasl property in this class for example: https://github.com/spring-projects/spring-amqp/blob/master/spring-rabbit/src/main/java/org/springframework/amqp/rabbit/log4j2/AmqpAppender.java
Cheers.
Comment From: julb
Hello, As per the fix of this issue referenced by @bcollard : https://github.com/spring-projects/spring-amqp/issues/1049
There is a new method setSaslConfig on RabbitConnectionFactoryBean: https://github.com/spring-projects/spring-amqp/blob/master/spring-rabbit/src/main/java/org/springframework/amqp/rabbit/connection/RabbitConnectionFactoryBean.java#L515
It seems then straightforward to customize the RabbitAutoConfiguration to inject the saslConfig from the RabbitProperties.
What do you think of that? Cheers
Comment From: wilkinsona
@jub Thanks for taking a look. Unfortunately, the setter isn't new (it was added 5 years ago in https://github.com/spring-projects/spring-amqp/commit/3b605cddbfd502946e841ddecd304f0ca308710f) so the situation remains the same and we need to do some design work as outlined above.
Comment From: wilkinsona
For the most part, the various setters on RabbitConnectionFactoryBean delegate to a RabbitMQ ConnectionFactory so I don't think customizing the factory bean offers much value over customizing the ConnectionFactory directly. ConnectionFactory also has the necessary methods for configuring both SaslConfig and NIO which are the two customization requirements raised thus far. If we offered a customizer for the CachingConnectionFactory many customizers would have to make an extra method call to getRabbitConnectionFactory() before they could apply their customization. Not a big deal, but it also don't seem to offer much benefit. I think customization of the ConnectionFactory makes the most sense.