[rabbitmq-discuss] Authenticating to Applications

Simon MacMullen simon at rabbitmq.com
Thu Feb 17 07:52:23 GMT 2011


On 17/02/2011 1:12AM, Max Bridgewater wrote:
> Even if A and B are authenticated, I don't find a way in the Java API
> that tells me who sent the message. I was assuming that after
> authentication, RabbitMQ would set the user-Id in BasicProperties.
> Then, any attempt to tamper with that ID would be detected by RabbitMQ
> and the message discarded.

The server does not set the user-id property in case a publishing app 
does not want its identity revealed for whatever reason.

However, if *you* set the user-id property, the server will enforce it. 
Therefore if you see a user-id property, you can trust it.

See: http://www.rabbitmq.com/extensions.html#validated-user-id

Cheers, Simon
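
The exchange above, as an added Java example that is not part of the original message: the publisher opts in by setting user-id, and the consumer treats a missing user-id as an unidentified sender. The host, the account names `app-a` and `app-b`, their passwords, the queue name `orders` and the allow-list are assumptions made for illustration.

```java
import com.rabbitmq.client.*;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Set;

public class ValidatedUserIdExample {
    // Assumed for illustration: queue name and the senders B is willing to accept.
    static final String QUEUE = "orders";
    static final Set<String> ALLOWED_SENDERS = Set.of("app-a");

    static Channel open(String user, String password) throws Exception {
        ConnectionFactory factory = new ConnectionFactory();
        factory.setHost("localhost");   // assumed broker location
        factory.setUsername(user);      // the identity the server authenticates
        factory.setPassword(password);
        return factory.newConnection().createChannel();
    }

    public static void main(String[] args) throws Exception {
        // Application B: consume with manual acks and check the sender.
        Channel in = open("app-b", "app-b-password");
        in.queueDeclare(QUEUE, true, false, false, null);
        in.basicConsume(QUEUE, false, new DefaultConsumer(in) {
            @Override
            public void handleDelivery(String consumerTag, Envelope envelope,
                                       AMQP.BasicProperties props, byte[] body)
                    throws IOException {
                // null means the publisher chose not to identify itself;
                // the server never fills this property in on its own.
                String sender = props.getUserId();
                if (sender == null || !ALLOWED_SENDERS.contains(sender)) {
                    getChannel().basicReject(envelope.getDeliveryTag(), false);
                    return;
                }
                System.out.println("from " + sender + ": "
                        + new String(body, StandardCharsets.UTF_8));
                getChannel().basicAck(envelope.getDeliveryTag(), false);
            }
        });

        // Application A: set user-id to the name it logged in with, so the
        // server enforces the property on this publish.
        Channel out = open("app-a", "app-a-password");
        AMQP.BasicProperties props =
                new AMQP.BasicProperties.Builder().userId("app-a").build();
        out.basicPublish("", QUEUE, props, "hello".getBytes(StandardCharsets.UTF_8));
    }
}
```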

