Getting sender from Component packet

Matt Morten
Added over 4 years ago


I've extended AbstractMessageReceiver and overridden processPacket(Packet). I want to get the user who sent the message. If I use packet.getFrom() or packet.getPacketFrom() it returns me "". I am forced to use packet.getStanzaFrom() to get the correct JID.

However, I'm concerned this is a security risk - could a user fake communication from another by simply spoofing their from="" in the packet? If so, is there a better way of getting the sender?


Replies (2)

Added by kevin zhou over 4 years ago

StanzaFrom will be overrode by session manager with current user's jid in session, So there isn't security risk.


Added by Artur Hefczyc TigaseTeam over 4 years ago

Yes, Kevin is correct. The XMPP spec requires that the server checks of the stanza from address is correct and valid for the user who sent the XMPP stanza. Tigase abides the spec requirement, therefore if there is stanzaFrom you can trust it is correct.