| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| Modern handling of MQMD.ApplIdentityData in WMB MQOuput node |
« View previous topic :: View next topic » |
| Author |
Message
|
| lancelotlinc |
 Posted: Fri Jun 22, 2012 11:01 am Post subject: Modern handling of MQMD.ApplIdentityData in WMB MQOuput node |
 |
|
Jedi Knight
Joined: 22 Mar 2010
Posts: 4941
Location: Bloomington, IL USA
|
@hal, New York, NY
Under normal circumstances, the 'Alternate User Authority' tick box is cleared from the MQOutput node. In this case, WMB v7 and WMB v8 use the default credentials when opening the queue for output. The default credentials being the Service Id that the Broker runtime is using.
Under some circumstances, some developers may wish to use the Alternate User Authority (ie. MQMD.ApplIdentityData). This is the information that is contained in the MQMD by the message that was read from a queue. In this case, the developer can tick the mark on 'Alternate User Authority' tick box in which the MQOutput node will use the information stored at MQMD.ApplIdentityData as the credentials when opening the queue for output.
http://publib.boulder.ibm.com/infocenter/wmbhelp/v8r0m0/index.jsp?topic=%2Fcom.ibm.etools.mft.doc%2Fac04570_.htm
| Quote: |
| If you select this check box, alternate authority is used when the output message is put and the MQOO_ALTERNATE_USER_AUTHORITY option is set in the open options (MQOO) of the MQI. If you select this check box, this option is specified when the queue is opened for output. The alternative user information is retrieved from the context information in the message. Clear the check box if you do not want to specify alternative user authority. If you clear the check box, the broker service user ID is used when the message is put. |
| Code: |
| MyObjectDescriptor.AlternateUserId = "myuser" |
_________________
http://leanpub.com/IIB_Tips_and_Tricks
Save $20: Coupon Code: MQSERIES_READER |
|
| Back to top |
|
 |
| mqjeff |
| Posted: Fri Jun 22, 2012 11:44 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
|
| Back to top |
|
|
| lancelotlinc |
| Posted: Fri Jun 22, 2012 11:49 am Post subject: |
|
|
Jedi Knight
Joined: 22 Mar 2010
Posts: 4941
Location: Bloomington, IL USA
|
I agree. I think controlling the queue access is too low level for a business transaction. I would prefer business transaction credentials be in InputRoot.SOAP.Header.wsse:Username. There is no assurance that MQMD.ApplIdentityData has passed any sort of authentication.
_________________
http://leanpub.com/IIB_Tips_and_Tricks
Save $20: Coupon Code: MQSERIES_READER |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
