[Security] RabbitMQ connections not authenticated — any client on network can publish orders #45

@anshul23102

Description

Executive Summary

RabbitMQ connections accept unauthenticated clients, allowing any network participant to publish orders or consume sensitive data from queues.

Root Cause

RabbitMQ is configured with guest:guest or with no credential validation.

Proposed Solution

# docker-compose.yml
rabbitmq:
  environment:
    RABBITMQ_DEFAULT_USER: order-system
    RABBITMQ_DEFAULT_PASS: ${RABBITMQ_PASSWORD}
    RABBITMQ_DEFAULT_VHOST: /orders

// RabbitMQ connection configuration (RabbitMQConfig.java)
import org.springframework.amqp.rabbit.connection.CachingConnectionFactory;
import org.springframework.amqp.rabbit.connection.ConnectionFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;

@Configuration
public class RabbitMQConfig {
  // The snippet referenced `environment` without injecting it; Spring supplies it here.
  @Autowired
  private Environment environment;

  @Bean
  public ConnectionFactory connectionFactory() {
    CachingConnectionFactory factory = new CachingConnectionFactory();
    // Credentials are read from application properties, never hard-coded as guest:guest.
    factory.setHost(environment.getProperty("rabbitmq.host"));
    factory.setUsername(environment.getProperty("rabbitmq.user"));
    factory.setPassword(environment.getProperty("rabbitmq.password"));
    factory.setVirtualHost("/orders");
    return factory;
  }
}

Checklist

  • I have searched existing issues and confirmed this is not a duplicate
  • I have read the CONTRIBUTING.md guidelines
  • I have provided clear steps to reproduce the issue
  • I have described expected vs. actual behavior clearly
  • This issue title is clear and specific
  • This repository has been verified as NSOC on https://www.nsoc.in/projects
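The proposed configuration above still starts the service when a credential property is missing or left at the broker's well-known default. The following is an added example, not code from this repository or the issue author, showing a fail-fast variant of the same Spring bean: it uses `getRequiredProperty` so a missing key aborts startup, refuses the `guest` account by name, and optionally switches to AMQPS so the credentials are not sent in clear text. The class name `HardenedRabbitMQConfig`, the `rabbitmq.tls` property and the TLS port 5671 are assumptions for illustration; the Spring AMQP and RabbitMQ Java client calls used are standard.

```java
import javax.net.ssl.SSLContext;
import org.springframework.amqp.rabbit.connection.CachingConnectionFactory;
import org.springframework.amqp.rabbit.connection.ConnectionFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;

// Hypothetical hardened variant of the RabbitMQConfig bean (example, not project code).
@Configuration
public class HardenedRabbitMQConfig {

  private final Environment environment;

  // Constructor injection: the bean cannot exist without an Environment.
  public HardenedRabbitMQConfig(Environment environment) {
    this.environment = environment;
  }

  /** Reject blank secrets and the broker's default guest account before any connection is made. */
  static void requireNonDefaultCredentials(String user, String password) {
    if (user == null || user.isBlank() || password == null || password.isBlank()) {
      throw new IllegalStateException("rabbitmq.user and rabbitmq.password must be set");
    }
    if ("guest".equalsIgnoreCase(user) || "guest".equals(password)) {
      throw new IllegalStateException("refusing to start with RabbitMQ default guest credentials");
    }
  }

  @Bean
  public ConnectionFactory connectionFactory() throws Exception {
    // getRequiredProperty throws at startup when a key is absent, instead of passing null.
    String host = environment.getRequiredProperty("rabbitmq.host");
    String user = environment.getRequiredProperty("rabbitmq.user");
    String password = environment.getRequiredProperty("rabbitmq.password");
    requireNonDefaultCredentials(user, password);

    CachingConnectionFactory factory = new CachingConnectionFactory(host);
    factory.setUsername(user);
    factory.setPassword(password);
    factory.setVirtualHost("/orders");

    // Optional AMQPS: assumes the broker exposes a TLS listener on 5671 (property name is hypothetical).
    // SSLContext.getDefault() validates the broker certificate against the JVM trust store;
    // enableHostnameVerification() additionally checks the certificate matches the host.
    if (environment.getProperty("rabbitmq.tls", Boolean.class, false)) {
      factory.setPort(5671);
      factory.getRabbitConnectionFactory().useSslProtocol(SSLContext.getDefault());
      factory.getRabbitConnectionFactory().enableHostnameVerification();
    }
    return factory;
  }
}
```

Pair this with the compose change above: once `RABBITMQ_DEFAULT_USER` is set to a dedicated account, the broker no longer creates `guest`, and the application side refuses to fall back to it even if someone later reverts the environment.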

@pooranjoyb Could you please /assign this issue to me? I would like to implement RabbitMQ authentication under NSOC '26.

/assign

Metadata

Assignees

No one assigned

    Labels

    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests