| Author |
Message
|
| ikulm |
 Posted: Thu Sep 12, 2013 12:35 pm Post subject: Java Code to pass user id and password to connect to QM |
 |
|
Newbie
Joined: 12 Sep 2013
Posts: 5
|
I have a java Web application which connects to queue manager from a WAS, I am trying to pass the details in
| Code: |
MQConfigManagerConnectionParameters localMQConfigManagerConnectionParameters = new MQConfigManagerConnectionParameters(
paramString1, paramInt, paramString2); |
The connection takes the user id and password of the underlying WAS. How can I pass my own user id and password? |
|
| Back to top |
|
 |
| mqjeff |
| Posted: Thu Sep 12, 2013 12:39 pm Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
|
| Back to top |
|
|
| exerk |
| Posted: Thu Sep 12, 2013 12:41 pm Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
Firstly, unless you have an exit on the SVRCONN being used, and that exit accepts the user and password, and that exit has a means to query whatever security module being used on the platform hosting the queue manager, e.g. Active Directory, flowing a password is pointless - WebSphere MQ itself will do nothing with it.
Secondly, I don't know how you set up WAS so it flows a particular userid, but I'm sure that someone will be along in a moment to tell you.
EDIT: Told you someone would be along soon... 
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| ikulm |
| Posted: Thu Sep 12, 2013 1:40 pm Post subject: |
|
|
Newbie
Joined: 12 Sep 2013
Posts: 5
|
I read this post :
http://www.niratul.com/QueueManager.htm
Enter the class name of user-defined security exit's Client part written and compiled in Java. Please be sure to enter the exact class name with case-sensitive. This class name must have following two methods in it to set userid and password.
public void setUserId(String userid)
public void setPassword(String password)
WMQTool will pass userid and password using these two methods to this Client Security Exit class. You should use them in your class appropriately.
So I was thinking we can actually write a class in Java and pass as one of the parameter in the method |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Thu Sep 12, 2013 1:56 pm Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
Do you have a security exit?
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| ikulm |
| Posted: Thu Sep 12, 2013 1:59 pm Post subject: |
|
|
Newbie
Joined: 12 Sep 2013
Posts: 5
|
| No I dont. How can I get it ? |
|
| Back to top |
|
|
| gbaddeley |
| Posted: Thu Sep 12, 2013 5:22 pm Post subject: |
|
|
Jedi Knight
Joined: 25 Mar 2003
Posts: 2538
Location: Melbourne, Australia
|
| ikulm wrote: |
| No I dont. How can I get it ? |
Do you actually have a security requirement that MQ must authenticate an application provided userid and password? Out of the box, current versions of MQ do not provide this feature. You would need to design and develop your own exits or purchase from an ISV.
There are other security controls that you can use to address MQ client security.
_________________
Glenn |
|
| Back to top |
|
|
| ikulm |
| Posted: Thu Sep 12, 2013 8:18 pm Post subject: |
|
|
Newbie
Joined: 12 Sep 2013
Posts: 5
|
| I need to connect to the broker and get all the execution group and Message flow names within the broker. One part of it requires me to supply the connection properties. So are you saying there is a way around to g this information? |
|
| Back to top |
|
|
| mqjeff |
| Posted: Fri Sep 13, 2013 2:17 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
That's BROKER, and not MQ.
And it's, again, BROKER, and not MQ, that will validate the userid and password.
And just like you can't tell the Toolkit to connect to a Broker as some user other than the user running the Toolkit, you can't tell your java code to connect to a Broker as some user other than the user running the JVM. |
|
| Back to top |
|
|
| JosephGramig |
| Posted: Fri Sep 13, 2013 7:27 am Post subject: |
|
|
Grand Master
Joined: 09 Feb 2006
Posts: 1244
Location: Gold Coast of Florida, USA
|
This almost sounds like you are writing an Web application to administer/view the WMB configuration.
Is this what you are trying to do?
Did you know that several versions of WMB have a web interface?
What are you really trying to do?
BTW: It is almost certainly easier to use self signed SSL certificates and MQ Rules to control access than write your own exits (which are unlikely to be as robust). |
|
| Back to top |
|
|
| ikulm |
| Posted: Fri Sep 13, 2013 10:56 am Post subject: |
|
|
Newbie
Joined: 12 Sep 2013
Posts: 5
|
| Quote: |
This almost sounds like you are writing an Web application to administer/view the WMB configuration.
Is this what you are trying to do?
Did you know that several versions of WMB have a web interface?
What are you really trying to do?
BTW: It is almost certainly easier to use self signed SSL certificates and MQ Rules to control access than write your own exits (which are unlikely to be as robust). |
Yes, This is exactly I am trying to do. I am trying to pull the status of all the Message Flow within the execution group and show the status , whether it is in start state or stop state. This works fine from my local machine because my id have access to the broker but when i deploy this on WAS, the underlying user id does not have access to this WMB broker manager and fails to get authenticate.
IBM is not going to add generic user id, So I do not have a choice here.
If there is any way out, I am certainly not aware of. So will really appreciate if I can get some help over here.[/img] |
|
| Back to top |
|
|
| Vitor |
| Posted: Fri Sep 13, 2013 11:17 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| ikulm wrote: |
| If there is any way out, I am certainly not aware of. So will really appreciate if I can get some help over here.[/img] |
Modern versions of the product are supported via web interfaces. A number of support pacs and commerical products (for example Aviva's IR360) provide web based access to the broker which lacks such IBM supplied functionality. So at best you're reinventing a wheel.
(No recommendation or endorsement of any product or solution is intended or implied, the fitness of any product or solution to a particular situation cannot be guaranteed and no liabiity is accepted for any loss incurred directly or indirectly from the use of information in this post.)
_________________
Honesty is the best policy.
Insanity is the best defence.
Last edited by Vitor on Fri Sep 13, 2013 11:18 am; edited 1 time in total |
|
| Back to top |
|
|
| JosephGramig |
| Posted: Fri Sep 13, 2013 11:17 am Post subject: |
|
|
Grand Master
Joined: 09 Feb 2006
Posts: 1244
Location: Gold Coast of Florida, USA
|
The simple answer is:
- Create a self signed CA key store
- Create Qmgr key store
- Create Qmgr cert request
- Have self signed CA sign QMgr cert request
- Have Qmgr receive signed cert request
- Create WAS client key store
- Create WAS client cert request
- Have self signed CA sign WAS client cert request
- Have WAS Client receive signed cert request
- Build specific SVRCONN for WAS Client that specifies MCAUSER and SSLPEER to ensure only this cert is used (maybe use the CN value in the DN)
- Config WAS for this app server to use this specific channel for connections
Something like that... If you have CHLAUTH rules, then use them to map the ID off something in the SSL.
Or use the web interface that comes with WMB?
What version of WMB is this? |
|
| Back to top |
|
|
|
|
