I faced with a very similar case after Spring Boot 3 and Spring Security 6 upgrade with one of the custom token authenticated WebSocket service. I used the CustomWebSocketHandshakeHandler handler for extracting the token from websocket connection and then stored the user information in "simpUser" parameter of the websocket session. Afterwards, spring security could manage to authenticate the user with RabbitMQ easly. Here is the whole implementation details: https://medium.com/@ysrgozudeli/handling-custom-websocket-authentication-in-spring-boot-3-0-upgrade-619168d1a1c9