<div class="wiki-content maincontent"><h2 id="JMSXUserID-JMSXUserIDsupport">JMSXUserID support</h2>
<p>It is sometimes useful to know the authenticated username of the sender of a message. This is not added by default, but you can enable it by setting the <strong>populateJMSXUserID</strong> property on the broker via Java code:</p>
<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<script class="brush: java; gutter: false; theme: Default" type="syntaxhighlighter"><![CDATA[
BrokerService broker = new BrokerService();
broker.setPopulateJMSXUserID(true);
broker.start();
]]></script>
</div></div>
<p>Or via the <a shape="rect" href="xml-configuration.xml">XML Configuration</a>:</p>
<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<script class="brush: java; gutter: false; theme: Default" type="syntaxhighlighter"><![CDATA[
<broker xmlns="http://activemq.org/config/1.0" populateJMSXUserID="true">
...
</broker>
]]></script>
</div></div>
<p>Or via the <a shape="rect" href="broker-configuration-uri.xml">Broker Configuration URI</a>.</p>
<p>Once enabled, this feature adds the JMS property <strong>JMSXUserID</strong> to each JMS message so that a consumer can know exactly who the sender was, as determined by the broker's authentication policy. That is, it is not possible for a producer to spoof this value while this feature is enabled, because the broker attaches the property to the message after the sender's connection is authenticated.</p>
<p>If you allow anonymous access, you MUST also add the </p>
<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<script class="brush: java; gutter: false; theme: Default" type="syntaxhighlighter"><![CDATA[useAuthenticatedPrincipalForJMSXUserID="true"]]></script>
</div></div>
<p>property of the broker element. Otherwise, anonymous clients can spoof identities by setting the JMSXUserID property from the client. This property is available in version 5.5 or 5.5-SNAPSHOT &gt; March 12th. Note, though, that for SSL certificate-based authentication (e.g., when using the TextFileCertificateLoginModule JAAS module), this changes the semantics of the broker-provided JMSXUserID: instead of returning the DN of the certificate, it provides the name that the DN is mapped to by the JAAS module.</p></div>
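<p>A complete broker element for the anonymous-access case described above, as an added example that is not part of the original page. The namespace shown is the ActiveMQ 5.x schema rather than the older one in the snippet above, and the simpleAuthenticationPlugin block, user name, group and password placeholder are assumptions chosen for illustration.</p>

```xml
<!-- Added example. Namespace is the ActiveMQ 5.x schema; the plugin block,
     user name, group and password placeholder are illustrative assumptions. -->
<broker xmlns="http://activemq.apache.org/schema/core"
        populateJMSXUserID="true"
        useAuthenticatedPrincipalForJMSXUserID="true">
  <!-- populateJMSXUserID: the broker stamps JMSXUserID on each message
       after the sender's connection has been authenticated. -->
  <!-- useAuthenticatedPrincipalForJMSXUserID: required here because
       anonymous access is enabled below; without it, a JMSXUserID value
       set by an anonymous client could reach consumers. With
       certificate-based JAAS login, the value becomes the name the DN
       is mapped to rather than the DN itself. -->
  <plugins>
    <simpleAuthenticationPlugin anonymousAccessAllowed="true">
      <users>
        <!-- Placeholder credentials: replace before use. -->
        <authenticationUser username="orders-service"
                            password="REPLACE_ME"
                            groups="producers"/>
      </users>
    </simpleAuthenticationPlugin>
  </plugins>
</broker>
```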