| <div class="wiki-content maincontent"><h2>JMSXUserID support</h2> |
| |
| <p>It is sometimes useful to know the authenticated username of the sender of a message. This is not added by default, but you can enable it by setting the <strong>populateJMSXUserID</strong> property on the broker via Java code:</p> |
| |
| <structured-macro ac:macro-id="b5da1390-e2d9-495f-b57d-445b3748f0a7" ac:name="code" ac:schema-version="1"><plain-text-body> |
| BrokerService broker = new BrokerService(); |
| broker.setPopulateJMSXUserID(true); |
| broker.start(); |
| </plain-text-body></structured-macro> |
| |
| <p>Or via the <link><page ri:content-title="Xml Configuration"></page></link></p> |
| |
| <structured-macro ac:macro-id="2c740d5e-cee9-4294-9c5f-2128b841dbb8" ac:name="code" ac:schema-version="1"><plain-text-body> |
| <broker xmlns="http://activemq.org/config/1.0" populateJMSXUserID="true"> |
| ... |
| </broker> |
| </plain-text-body></structured-macro> |
| |
| <p>Or via the <link><page ri:content-title="Broker Configuration URI"></page></link>.</p> |
| |
| <p>Once enabled, this feature adds the JMS property <strong>JMSXUserID</strong> to each JMS message so that a consumer can know exactly who the sender was, as determined by the broker's authentication policy. That is, a producer cannot spoof this value when the feature is enabled, because the broker attaches the property to the message after the sender's connection is authenticated.</p> |
| |
| <p>If you allow anonymous access, you MUST also add the </p> |
| <structured-macro ac:macro-id="467587ab-74a0-4e73-bfbe-091d09bd2305" ac:name="code" ac:schema-version="1"><plain-text-body>useAuthenticatedPrincipalForJMSXUserID="true"</plain-text-body></structured-macro> |
| <p> property of the broker element. Otherwise, anonymous clients can spoof identities by setting the JMSXUserID property from the client. This property is available in version 5.5, or in 5.5-SNAPSHOT builds after March 12th. Note, though, that for SSL certificate based authentication, e.g., when using the TextFileCertificateLoginModule JAAS module, this will change the semantics of the broker-provided JMSXUserID. Instead of returning the DN of the certificate, it will provide the name the DN is mapped to by the JAAS module.</p></div> |
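<p>The rules above can be checked against a broker XML file before deployment. The following is an added example, not code from the ActiveMQ project: the sample configurations are constructed, the schema namespace is assumed to be the ActiveMQ 5.x one, and anonymous access is detected only through an <code>anonymousAccessAllowed="true"</code> attribute on an element inside the broker.</p>

```python
import xml.etree.ElementTree as ET

# Constructed sample configs (not from the page); NS is the ActiveMQ 5.x
# schema namespace, an assumption about the version being audited.
NS = "http://activemq.apache.org/schema/core"
WEAK = f"""<beans><broker xmlns="{NS}" populateJMSXUserID="true">
  <plugins><simpleAuthenticationPlugin anonymousAccessAllowed="true"/></plugins>
</broker></beans>"""
FIXED = WEAK.replace(
    'populateJMSXUserID="true"',
    'populateJMSXUserID="true" useAuthenticatedPrincipalForJMSXUserID="true"')
CERT = f"""<beans><broker xmlns="{NS}" populateJMSXUserID="true"
    useAuthenticatedPrincipalForJMSXUserID="true">
  <plugins><jaasCertificateAuthenticationPlugin configuration="CertLogin"/></plugins>
</broker></beans>"""

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the "{namespace}" prefix

def _on(elem, attr):
    return (elem.get(attr) or "").strip().lower() == "true"

def audit(xml_text):
    """Return one (status, detail) tuple per <broker> element."""
    results = []
    for broker in ET.fromstring(xml_text).iter():
        if _local(broker.tag) != "broker":
            continue
        populate = _on(broker, "populateJMSXUserID")
        pinned = _on(broker, "useAuthenticatedPrincipalForJMSXUserID")
        inside = list(broker.iter())
        anonymous = any(_on(e, "anonymousAccessAllowed") for e in inside)
        cert = any(_local(e.tag) == "jaasCertificateAuthenticationPlugin"
                   for e in inside)
        if not populate:
            # Off by default: consumers must not treat the property as identity.
            results.append(("UNTRUSTED", "broker does not set JMSXUserID"))
        elif anonymous and not pinned:
            results.append(("SPOOFABLE", "anonymous clients can set JMSXUserID"))
        elif pinned and cert:
            results.append(("OK", "JMSXUserID is the JAAS-mapped name, "
                                  "not the certificate DN"))
        else:
            results.append(("OK", "JMSXUserID is set by the broker"))
    return results
```

<p>Consumers that make authorization decisions on JMSXUserID should only be pointed at brokers whose configuration audits as OK.</p>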
| |