Skip to main content
Version: Next

Validated User-ID

In some scenarios it is useful for consumers to be able to know the identity of the user who published a message.

To make this possible, RabbitMQ will validate the user-id message property if it is set. In other words, if this property is set by a publisher, its value must be equal to the name of the connection's user.

If the user-id property is not set, the publisher's identity remains private and no validation will be performed.

Example (in Java)

AMQP.BasicProperties properties = new AMQP.BasicProperties();
properties.setUserId("guest");
channel.basicPublish("amq.fanout", "", properties, "test".getBytes());

This message will only be published successfully if the user is "guest".

Additional Layer of Authentication

If security is a serious concern, you should probably combine the use of this feature with TLS-enabled connections, possibly with peer certificate chain verification of clients performed by the server.

Special Cases: the Impersonator Tag

Occasionally it may be useful to allow an application to forge a user-id. In order to permit this, the publishing user can have its impersonator tag set. By default, no users have this tag set. In particular, the administrator tag does not allow this.

Federation Interactions

The federation plugin can deliver messages from an upstream on which the user-id property is set. By default it will clear this property (since it has no way to know whether the upstream broker is trustworthy). If the trust-user-id property on an upstream is set, then it will pass the user-id property through from the upstream broker, assuming it to have been validated there.