| <div class="wiki-content maincontent"><h2 id="JMSXUserID-JMSXUserIDsupport">JMSXUserID support</h2> |
| |
| <p>It is sometimes useful to know the authenticated username of the sender of a message. This is not added by default but you can enable it by setting the <strong>populateJMSXUserID</strong> property on the broker via Java code</p> |
| |
| <div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl"> |
| <script class="brush: java; gutter: false; theme: Default" type="syntaxhighlighter"><![CDATA[ |
| BrokerService broker = new BrokerService(); |
| broker.setPopulateJMSXUserID(true); |
| broker.start(); |
| ]]></script> |
| </div></div> |
| |
| <p>Or via the <a shape="rect" href="xml-configuration.xml">Xml Configuration</a></p> |
| |
| <div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl"> |
| <script class="brush: java; gutter: false; theme: Default" type="syntaxhighlighter"><![CDATA[ |
| <broker xmlns="http://activemq.org/config/1.0" populateJMSXUserID="true"> |
| ... |
| </broker> |
| ]]></script> |
| </div></div> |
| |
| <p>Or via the <a shape="rect" href="broker-configuration-uri.xml">Broker Configuration URI</a>.</p> |
| |
| <p>Once enabled this feature adds the JMS property <strong>JMSXUserID</strong> to each JMS message so that a consumer can know exactly who the sender was using the broker's authentication policy. i.e. it is not possibile for a producer to spoof this value if this feature is enabled since the broker attaches the property to the message after the senders connection is authenticated.</p> |
| |
| <p>If you allow anonymous access, you MUST also add the </p> |
| <div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl"> |
| <script class="brush: java; gutter: false; theme: Default" type="syntaxhighlighter"><![CDATA[useAuthenticatedPrincipalForJMSXUserID="true"]]></script> |
| </div></div> |
| <p> property of the broker element. Otherwise, anonymous clients can spoof identities by setting the JMSXUserID property on from the client. This property is available in version 5.5 or 5.5-SNAPSHOT > March 12th. Note, though, that for SSL certificate based authentication, e.g., when using TextFileCertificateLoginModule JAAS module, this will change the semantics of the broker-provided JMSXUserID. Instead of returning the DN of the certificate, it will provide the name the DN is mapped to by the JAAS module.</p></div> |
| |