You can authenticate a message in Stomplet using a session and a stored token. To do this, you need to configure Rails to use the Torquebox session store. This can be done using an initializer, for example config/initializers/torquebox_init.rb:

    AppName::Application.config.session_store :torquebox_store

Now Stomplet will have access to the session. Here is a Stomplet example that uses a session parameter :authentication_token to map to the User authentication_token in the database. The authentication token is checked for subscription, message sending and cancellation:

    require 'torquebox-stomp'

    class StompletDemo
      def initialize()
        super
        @subscribers = []
      end

      def configure(stomplet_config)
      end

      # Relay a message to all subscribers only if the sender's session is authenticated.
      def on_message(stomp_message, session)
        token = session[:authentication_token]
        if is_authenticated?( token )
          @subscribers.each do |subscriber|
            subscriber.send( stomp_message )
          end
        end
      end

      # Register a subscriber only if its session carries a valid token.
      def on_subscribe(subscriber)
        session = subscriber.session
        if is_authenticated?(session[:authentication_token])
          @subscribers << subscriber
        end
      end

      # Remove a subscriber only if its session carries a valid token.
      def on_unsubscribe(subscriber)
        session = subscriber.session
        if is_authenticated?(session[:authentication_token])
          @subscribers.delete( subscriber )
        end
      end

      # A missing or blank token is rejected before the lookup; otherwise a nil
      # token would match any User row whose authentication_token is NULL.
      def is_authenticated?(token)
        token.present? && User.where( authentication_token: token ).exists?
      end
    end

Now you only need to make sure that session[:authentication_token] is set during user authentication. This will mainly be set in the controller:
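An added example, not part of the original answer: a plain-Ruby model (no Rails or TorqueBox) of the token lifecycle the answer describes, where login copies a fresh token into session[:authentication_token] and the Stomplet-side check must reject a session that has no token. FakeUserStore, its methods and the demo sessions are hypothetical stand-ins for the User model and the controller.

```ruby
require 'securerandom'

# Constructed in-memory stand-in for the User model. Assumption: the real
# authentication_token column is nil for users who are logged out.
class FakeUserStore
  def initialize
    @tokens = {} # user name => token, or nil when logged out
  end

  # What a login action would do: issue a fresh random token, persist it,
  # and copy it into the session the Stomplet later reads.
  def log_in(name, session)
    token = SecureRandom.hex(32)
    @tokens[name] = token
    session[:authentication_token] = token
  end

  # Logout clears both sides so an old token stops working.
  def log_out(name, session)
    @tokens[name] = nil
    session.delete(:authentication_token)
  end

  # Unguarded lookup, equivalent to where(authentication_token: token).exists?
  # A nil token matches any logged-out user whose stored token is nil.
  def naive_authenticated?(token)
    @tokens.value?(token)
  end

  # Guarded lookup: a missing or empty token is rejected before the lookup.
  def authenticated?(token)
    return false if token.nil? || token.to_s.empty?
    @tokens.value?(token)
  end
end

def demo
  store = FakeUserStore.new
  alice = {}     # session of a user who logs in
  anonymous = {} # session that never logged in
  old_token = store.log_in('alice', alice)
  results = { logged_in: store.authenticated?(alice[:authentication_token]) }
  store.log_out('alice', alice)
  results[:stale_token] = store.authenticated?(old_token)
  results[:naive_anonymous] = store.naive_authenticated?(anonymous[:authentication_token])
  results[:guarded_anonymous] = store.authenticated?(anonymous[:authentication_token])
  results
end

p demo if $PROGRAM_NAME == __FILE__
```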