[
https://issues.apache.org/jira/browse/ARTEMIS-584?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15364392#comment-15364392
]
ASF GitHub Bot commented on ARTEMIS-584:
----------------------------------------
Github user jbertram commented on a diff in the pull request:
https://github.com/apache/activemq-artemis/pull/621#discussion_r69742648
--- Diff: docs/user-manual/en/security.md ---
@@ -10,6 +10,13 @@ long. To change this period set the property
`security-invalidation-interval`, which is in milliseconds. The default
is `10000` ms.
+To assist in security auditing the `populate-validated-user` option
exists. If this is `true` then
+the server will add the name of the validated user to the message using
the key `_AMQ_VALIDATED_USER`.
+For JMS and Stomp clients this is mapped to the key `JMSXUserID`. For
users authenticated based on
+their SSL certificate this name is the name to which their certificate's
DN maps. If `security-enabled`
+is `false` and `populate-validated-user` is `true` then the server will
simply use whatever user name
+(if any) the client provides. This option is `false` by default.
+
--- End diff --
Done.
> Add an option to populate JMSXUserID
> ------------------------------------
>
> Key: ARTEMIS-584
> URL: https://issues.apache.org/jira/browse/ARTEMIS-584
> Project: ActiveMQ Artemis
> Issue Type: Improvement
> Reporter: Lionel Cons
> Assignee: Justin Bertram
>
> ActiveMQ 5.x can be configured to set JMSXUserID to the authenticated user,
> see http://activemq.apache.org/jmsxuserid.html.
> This feature is very important for auditing purposes, to find out who sent a
> given message.
> Please add a similar functionality to Artemis, including with STOMP mapping.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
