[rabbitmq-discuss] Authenticating to Applications
Simon MacMullen
simon at rabbitmq.com
Thu Feb 17 07:52:23 GMT 2011
On 17/02/2011 1:12AM, Max Bridgewater wrote:
> Even if A and B are authenticated, I don't find a way in the Java API
> that tells me who sent the message. I was assuming that after
> authentication, RabbitMQ would set the user-Id in BasicProperties.
> Then, any attempt to temper with that ID would be detected by RabbitMQ
> and the message discarded.
The server does not set the user-id property in case a publishing app
does not want its identity revealed for whatever reason.
However, if *you* set the user-id property, the server will enforce it.
Therefore if you see a user-id property, you can trust it.
See: http://www.rabbitmq.com/extensions.html#validated-user-id
Cheers, Simon
More information about the rabbitmq-discuss
mailing list