we wanna to have proper information for security audit purposes. 

To enable tracking and logging the origins of messages (for example, for security-auditing purposes), you can use the _AMQ_VALIDATED_USER message key.

In the broker.xml configuration file, if the populate-validated-user option is set to true, then the broker adds the name of the validated user to the message using the _AMQ_VALIDATED_USER key.

In the broker.xml configuration file, if security-enabled is false and populate-validated-user is true, then the broker populates whatever user name, if any, that the client provides.

To configure the broker to reject messages without JMSXUserID set by the client

<reject-empty-validated-user>true</reject-empty-validated-user>

<populate-validated-user>true</populate-validated-user>