Validated User-ID
In some scenarios it is useful for consumers to be able
to know the identity of the user who published a
message. We have therefore made sure that
the user-id
message property is validated. If
this property is set by a publisher, its value must be equal
to the name of the user used to open the connection. If
the user-id
property is not set, the
publisher's identity remains private.
For example (in Java):
AMQP.BasicProperties properties = new AMQP.BasicProperties();
properties.setUserId("guest");
channel.basicPublish("amq.fanout", "", properties, "test".getBytes());
This message will only be published successfully if the user is "guest".
If security is a serious concern, you should probably combine the use of this feature with TLS-enabled connections.
Occasionally it may be useful to allow an application to forge a
user-id. In order to permit this, the publishing user can have
its impersonator
tag set. By default, no users have
this tag set. In particular, the administrator
tag
does not allow this.
The federation plugin can deliver
messages from an upstream on which the user-id
property is set. By default it will clear this property (since
it has no way to know whether the upstream broker is
trustworthy). If the trust-user-id
property on an
upstream is set, then it will pass the user-id
property through from the upstream broker, assuming it to have
been validated there.