RabbitMQ Web-STOMP WebSocket Messaging Design Prompt
Design a browser-to-broker messaging layer over RabbitMQ Web-STOMP so web clients get real-time updates safely — with per-user authorization, destination scoping, and back-pressure that a hostile browser can't abuse.
- Target user
- Full-stack and platform engineers exposing RabbitMQ to browser clients
- Difficulty
- Advanced
- Tools
- Claude, ChatGPT, Cursor
The prompt
You are a senior platform engineer who has put RabbitMQ Web-STOMP in front of browser clients for real-time features (live dashboards, notifications, chat). Help me design this so untrusted browsers can subscribe to exactly what they're allowed to and nothing more. I will provide: - The use case and message flow: who publishes, who subscribes, expected concurrent browser connections, message rate per client [DESCRIBE] - Auth model: how users authenticate to my app today (session, JWT, OAuth) and how identity should map to broker permissions [DESCRIBE] - Topology: exchanges/queues that back the browser destinations, and whether browsers should ever publish or only subscribe [DESCRIBE] - Deployment: TLS termination point, reverse proxy (nginx/Caddy) in front of `rabbitmq_web_stomp`, and vhost layout [DESCRIBE] Your job: 1. **Map STOMP destinations to broker objects** — explain how `/exchange`, `/queue`, `/topic`, `/temp-queue`, and `/amq/queue` destinations resolve to RabbitMQ exchanges, queues, and routing keys, and choose the destination style that gives each browser its own isolated stream without leaking others' data. 2. **Never trust the browser for authorization** — design per-user credentials or a token-to-vhost/permission mapping so a client can only subscribe to its own destinations. Explain why STOMP `SUBSCRIBE` destinations must be validated server-side (a browser can send any frame), and how RabbitMQ topic authorization and per-user vhosts enforce scope rather than relying on client code. 3. **Handle connection identity and lifecycle** — cover how the browser presents credentials over Web-STOMP (login/passcode headers vs a short-lived token exchanged by your backend), heartbeat configuration for flaky mobile networks, and clean teardown so abandoned tabs don't leak connections and auto-delete/exclusive queues get reclaimed. 4. **Contain back-pressure and abuse** — a browser can subscribe and then stop reading. Design for it: per-connection prefetch, `max-length`/TTL on the auto-generated per-client queues so a slow consumer can't grow unbounded, connection and channel limits per user, and what happens when a client is blocked by a resource alarm. 5. **Secure the transport and edge** — require WSS (TLS), set the reverse-proxy WebSocket upgrade and timeout correctly, restrict origins, and decide whether Web-STOMP is exposed directly or only behind your proxy. Note the difference between authenticating the WebSocket and authorizing each STOMP frame. 6. **Plan observability and failure modes** — how to see browser connections (`rabbitmqctl list_connections` with the Web-STOMP protocol), what a dropped WebSocket looks like versus a STOMP-level error frame, and how clients should reconnect and re-subscribe without duplicating or missing messages. Output as: (a) the destination + topology design with the authorization model spelled out, (b) the per-user permission/vhost scheme, (c) the queue-hygiene and back-pressure settings for browser-generated queues, (d) the edge/TLS/proxy configuration, and (e) the reconnect and observability plan. Treat every browser as hostile input. Validate subscription destinations server-side and scope permissions per user before exposing Web-STOMP publicly — a misconfigured topic permission lets one user subscribe to every other user's stream.
Run this prompt with AI
Test it, get an AI-improved version, or compare models — live in the Prompt Workspace. No copy-paste.
Why this prompt works
Exposing a message broker directly to browsers inverts the usual trust model: every frame arrives from untrusted, user-controlled code, and a browser can send any STOMP SUBSCRIBE it wants regardless of what your JavaScript intended. The single most common Web-STOMP mistake is treating client-side destination logic as a security boundary. This prompt refuses that framing and pushes authorization into RabbitMQ’s topic permissions and per-user vhosts, where the browser can’t bypass it.
It also treats the browser as a badly-behaved consumer, because it is. Tabs get backgrounded, mobile networks drop, and a subscriber can stop reading while messages pile into its auto-generated queue. The prompt makes queue hygiene — max-length, TTL, per-connection prefetch and limits — a first-class part of the design instead of an afterthought discovered when the broker hits a memory alarm.
The guardrails name the two failure modes that actually bite in production: a topic-permission gap that lets one user subscribe to everyone’s stream, and an unbounded per-client queue that a slow or hostile tab uses to exhaust broker memory. Both are cheap to prevent at design time and expensive to discover in an incident.
Related prompts
-
RabbitMQ OAuth 2.0 / JWT Authentication Design Prompt
Design token-based authentication and authorization for RabbitMQ using the OAuth 2.0 plugin, mapping JWT scopes to vhost/resource permissions across AMQP and the management UI.
-
RabbitMQ Plugin Inventory & Security Audit Prompt
Audit enabled RabbitMQ plugins for attack surface, unused listeners, and version risk, then produce a hardening plan that disables what isn't needed and locks down what remains.
-
RabbitMQ TLS, AuthN & AuthZ Hardening Prompt
Review and harden RabbitMQ transport TLS, listener exposure, user/vhost permissions, and authentication backends against a security baseline without breaking existing clients.
-
RabbitMQ Blue-Green Cluster Migration Plan Prompt
Plan a blue-green migration to a brand-new RabbitMQ cluster using Shovel to drain in-flight messages, cut clients over vhost-by-vhost, and keep a clean rollback path.
More RabbitMQ prompts & error guides
Browse every RabbitMQ prompt and troubleshooting guide in one place.
Reading prompts? Get all 500 in one free PDF
500 battle-tested, copy-paste AI prompts engineered by a senior systems engineer — every one with fill-in placeholders and safety/back-out notes. Drop your email and it's yours.
- 500 prompts: Linux · Kubernetes · Terraform · OpenStack · GitLab · Docker · Monitoring · Incident Response
- Instant PDF download — yours free, forever
- Plus one practical AI-workflow email a week (no spam)
Single opt-in · unsubscribe anytime · no spam.