jmsxuserid.xml - activemq-web - Git at Google

 <div class="wiki-content maincontent"><h2>JMSXUserID support</h2>

 <p>It is sometimes useful to know the authenticated username of the sender of a message. This is not added by default but you can enable it by setting the <strong>populateJMSXUserID</strong> property on the broker via Java code</p>

 <structured-macro ac:macro-id="b5da1390-e2d9-495f-b57d-445b3748f0a7" ac:name="code" ac:schema-version="1"><plain-text-body>
 BrokerService broker = new BrokerService();
 broker.setPopulateJMSXUserID(true);
 broker.start();
 </plain-text-body></structured-macro>

 <p>Or via the <link><page ri:content-title="Xml Configuration"></page></link></p>

 <structured-macro ac:macro-id="2c740d5e-cee9-4294-9c5f-2128b841dbb8" ac:name="code" ac:schema-version="1"><plain-text-body>
 &lt;broker xmlns="http://activemq.org/config/1.0" populateJMSXUserID="true"&gt;
 ...
 &lt;/broker&gt;
 </plain-text-body></structured-macro>

 <p>Or via the <link><page ri:content-title="Broker Configuration URI"></page></link>.</p>

 <p>Once enabled this feature adds the JMS property <strong>JMSXUserID</strong> to each JMS message so that a consumer can know exactly who the sender was using the broker's authentication policy. i.e. it is not possibile for a producer to spoof this value if this feature is enabled since the broker attaches the property to the message after the senders connection is authenticated.</p>

 <p>If you allow anonymous access, you MUST also add the </p>
 <structured-macro ac:macro-id="467587ab-74a0-4e73-bfbe-091d09bd2305" ac:name="code" ac:schema-version="1"><plain-text-body>useAuthenticatedPrincipalForJMSXUserID="true"</plain-text-body></structured-macro>
 <p> property of the broker element. Otherwise, anonymous clients can spoof identities by setting the JMSXUserID property on from the client. This property is available in version 5.5 or 5.5-SNAPSHOT &gt; March 12th. Note, though, that for SSL certificate based authentication, e.g., when using TextFileCertificateLoginModule JAAS module, this will change the semantics of the broker-provided JMSXUserID. Instead of returning the DN of the certificate, it will provide the name the DN is mapped to by the JAAS module.</p></div>
	<div class="wiki-content maincontent"><h2>JMSXUserID support</h2>

	<p>It is sometimes useful to know the authenticated username of the sender of a message. This is not added by default but you can enable it by setting the <strong>populateJMSXUserID</strong> property on the broker via Java code</p>

	<structured-macro ac:macro-id="b5da1390-e2d9-495f-b57d-445b3748f0a7" ac:name="code" ac:schema-version="1"><plain-text-body>
	BrokerService broker = new BrokerService();
	broker.setPopulateJMSXUserID(true);
	broker.start();
	</plain-text-body></structured-macro>

	<p>Or via the <link><page ri:content-title="Xml Configuration"></page></link></p>

	<structured-macro ac:macro-id="2c740d5e-cee9-4294-9c5f-2128b841dbb8" ac:name="code" ac:schema-version="1"><plain-text-body>
	<broker xmlns="http://activemq.org/config/1.0" populateJMSXUserID="true">
	...
	</broker>
	</plain-text-body></structured-macro>

	<p>Or via the <link><page ri:content-title="Broker Configuration URI"></page></link>.</p>

	<p>Once enabled this feature adds the JMS property <strong>JMSXUserID</strong> to each JMS message so that a consumer can know exactly who the sender was using the broker's authentication policy. i.e. it is not possibile for a producer to spoof this value if this feature is enabled since the broker attaches the property to the message after the senders connection is authenticated.</p>

	<p>If you allow anonymous access, you MUST also add the </p>
	<structured-macro ac:macro-id="467587ab-74a0-4e73-bfbe-091d09bd2305" ac:name="code" ac:schema-version="1"><plain-text-body>useAuthenticatedPrincipalForJMSXUserID="true"</plain-text-body></structured-macro>
	<p> property of the broker element. Otherwise, anonymous clients can spoof identities by setting the JMSXUserID property on from the client. This property is available in version 5.5 or 5.5-SNAPSHOT > March 12th. Note, though, that for SSL certificate based authentication, e.g., when using TextFileCertificateLoginModule JAAS module, this will change the semantics of the broker-provided JMSXUserID. Instead of returning the DN of the certificate, it will provide the name the DN is mapped to by the JAAS module.</p></div>