Apache, ActiveMQ, Apache ActiveMQ, the Apache feather logo, and the Apache ActiveMQ project logo are trademarks of The Apache Software Foundation. Copyright © 2025, The Apache Software Foundation. Licensed underApache License 2.0.
It is sometimes useful to know the authenticated username of the sender of a message. This is not added by default but you can enable it by setting thepopulateJMSXUserID property on the broker via Java code
BrokerService broker = new BrokerService();broker.setPopulateJMSXUserID(true);broker.start();Or via theXml Configuration
<broker xmlns="http://activemq.org/config/1.0" populateJMSXUserID="true"> ...</broker>Or via theBroker Configuration URI.
Once enabled this feature adds the JMS propertyJMSXUserID to each JMS message so that a consumer can know exactly who the sender was using the broker’s authentication policy. i.e. it is not possibile for a producer to spoof this value if this feature is enabled since the broker attaches the property to the message after the senders connection is authenticated.
If you allow anonymous access, you MUST also add the
useAuthenticatedPrincipalForJMSXUserID="true"property of the broker element. Otherwise, anonymous clients can spoof identities by setting the JMSXUserID property on from the client. This property is available in version 5.5 or 5.5-SNAPSHOT > March 12th. Note, though, that for SSL certificate based authentication, e.g., when usingTextFileCertificateLoginModule JAAS module, this will change the semantics of the broker-provided JMSXUserID. Instead of returning the DN of the certificate, it will provide the name the DN is mapped to by the JAAS module.
Apache, ActiveMQ, Apache ActiveMQ, the Apache feather logo, and the Apache ActiveMQ project logo are trademarks of The Apache Software Foundation. Copyright © 2025, The Apache Software Foundation. Licensed underApache License 2.0.