
Validated User-ID

In some scenarios it is useful for consumers to be able to know the identity of the user who published a message. We have therefore made sure that the user-id message property is validated. If this property is set by a publisher, its value must be equal to the name of the user used to open the connection. If the user-id property is not set, the publisher's identity remains private.

For example (in Java):

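import com.rabbitmq.client.AMQP;

// Claim "guest" as the publisher; the broker checks this against the connection's user.
AMQP.BasicProperties properties = new AMQP.BasicProperties.Builder()
    .userId("guest")
    .build();
channel.basicPublish("amq.fanout", "", properties, "test".getBytes());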

This message will only be published successfully if the connection was opened as the user "guest".

If security is a serious concern, you should probably combine the use of this feature with TLS-enabled connections.

Occasionally it may be useful to allow an application to forge a user-id. In order to permit this, the publishing user can have its impersonator tag set. By default, no users have this tag set. In particular, the administrator tag does not allow this.

The federation plugin can deliver messages from an upstream on which the user-id property is set. By default it will clear this property (since it has no way to know whether the upstream broker is trustworthy). If the trust-user-id property on an upstream is set, then it will pass the user-id property through from the upstream broker, assuming it to have been validated there.
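
The rules above (publisher check, impersonator tag, federation's trust-user-id) can be followed end to end in a small model. This is an added example, not RabbitMQ code: the class and function names, the sample users and the consumer-side allow-list policy are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from typing import FrozenSet, Optional

class PublishRefused(Exception):
    """The modelled broker rejected the publish."""

@dataclass(frozen=True)
class Message:
    body: bytes
    user_id: Optional[str] = None  # None models "user-id property not set"

@dataclass(frozen=True)
class Connection:
    user: str  # name of the user used to open the connection
    tags: FrozenSet[str] = frozenset()

def validate_publish(conn: Connection, msg: Message) -> Message:
    """Publisher-side rule: a set user-id must equal the connection's user,
    unless that user carries the impersonator tag."""
    if msg.user_id is None:
        return msg  # publisher's identity remains private
    if msg.user_id == conn.user or "impersonator" in conn.tags:
        return msg
    raise PublishRefused(f"user-id {msg.user_id!r} is not connection user {conn.user!r}")

def federate(msg: Message, trust_user_id: bool = False) -> Message:
    """Federation link: clear user-id unless trust-user-id is set on the upstream."""
    return msg if trust_user_id else replace(msg, user_id=None)

def consumer_authorize(msg: Message, allowed: FrozenSet[str]) -> bool:
    """Assumed consumer policy: act only on a present, allow-listed user-id."""
    return msg.user_id is not None and msg.user_id in allowed

def demo() -> list:
    """Run constructed sample publishes; return (user, claimed user-id, outcome)."""
    conns = [Connection("guest"),
             Connection("admin", frozenset({"administrator"})),
             Connection("bridge", frozenset({"impersonator"}))]
    rows = []
    for conn in conns:
        try:
            validate_publish(conn, Message(b"test", "guest"))
            rows.append((conn.user, "guest", "accepted"))
        except PublishRefused:
            rows.append((conn.user, "guest", "refused"))
    return rows

if __name__ == "__main__":
    for row in demo():
        print(row)
```

A consumer downstream of a federation link without trust-user-id always sees an unset user-id, so a policy like `consumer_authorize` rejects those messages rather than treating them as coming from a known publisher.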