In some scenarios it is useful for consumers to be able to know the identity of the user who published a message. We have therefore made sure that the
user-id message property is validated. If this property is set by a publisher, its value must be equal to the name of the user used to open the connection. If the
user-id property is not set, the publisher's identity remains private.
For example (in Java):
AMQP.BasicProperties properties = new AMQP.BasicProperties(); properties.setUserId("guest"); channel.basicPublish("amq.fanout", "", properties, "test".getBytes());
This message will only be published successfully if the user is "guest".
If security is a serious concern, you should probably combine the use of this feature with TLS-enabled connections.
Occasionally it may be useful to allow an application to forge a user-id. In order to permit this, the publishing user can have its
impersonator tag set. By default, no users have this tag set. In particular, the
administrator tag does not allow this.
The federation plugin can deliver messages from an upstream on which the
user-id property is set. By default it will clear this property (since it has no way to know whether the upstream broker is trustworthy). If the
trust-user-id property on an upstream is set, then it will pass the
user-id property through from the upstream broker, assuming it to have been validated there.