| Author |
Message
|
| KAKEZ |
 Posted: Fri Sep 26, 2003 1:01 am Post subject: How can Client appl choose among several SVRCONN channels? |
 |
|
Centurion
Joined: 10 Oct 2002
Posts: 117
|
Hi,
Pb is:
- to be able to set up a security policy for client applis connecting to the mqseries server we decided to use MCAUSER at the svrconn MCA
- the MCAUSER will be set up with generic userID to which correspond specific mqseries rights
- to be able to handle several generic userID we define several svrconn channels with the MCAUSER set up each one with a different userID
- doing that the client appl can choose among different CLNTCONN channels each one corresponding to one of the SVRCONN channels on the server
** Question **: how could the client appl choose easily the CLNT channel corresponding to the generic userID she wants to use for its special mqseries rights on the server?
sorry to be long - but that's important question concerning security
thanks for help and advices
Jack |
|
| Back to top |
|
 |
| jefflowrey |
| Posted: Fri Sep 26, 2003 4:51 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
I think the 'how' depends on what your application knows when it runs.
But the basic answer is that your client application selects which channel to use and then gives the name of that channel to the MQSeries APIs.
How it figures out which channel is appropriate for which particular task is application and environment specific - what information does the application have that it can use to choose between a list of possible channels?
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| KAKEZ |
| Posted: Fri Sep 26, 2003 5:34 am Post subject: |
|
|
Centurion
Joined: 10 Oct 2002
Posts: 117
|
Hi Jeff
- I agree your answer and this is what I think also : the only way for the client appli is to give the CLNT channel name when connecting
and
- the only way to do that is to call MQCONNX with an MQCD set up with the name of the CLNT channel - is right?
but
in that case the appli - "must be aware of how the SVRCONN channel is set" - up at the other end to have the channel attributes coherent between clntconn and svrconn - right?
in my case the client appli "does" know what channel name to use to be able at the SVRCONN end to have the correct generic userID it wants in the svrconn MCA (and all the mqseries rights corresponding);
for instance:
name clntconn= chan1 --> svrconn MCAUSER=userid1 at the svrconn end
name clntconn= chan2 --> svrconn MCAUSER=userid2 at the svrconn end
- if the client appli uses MQCONNX & MQCD to define the clnt channel at the connect time, the table of channel client definitions cannot be used - right?
- it would be very interesting to define several clnt channels in the channel client definitions table and to give the clntconn channel name we need at MQCONN call and "not" MQCONNX - but nothing available with MQCONN to do that !
sorry for so long test to read,
thanks for your feeling and advices about that,
Jack |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Fri Sep 26, 2003 5:39 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
| KAKEZ wrote: |
in that case the appli - "must be aware of how the SVRCONN channel is set" - up at the other end to have the channel attributes coherent between clntconn and svrconn - right?
|
I don't think so. As far as I know (and I could be wrong), the application is never aware of how the channels are set up, only what port to talk to them on and what the name of the channel is.
It's the job of the MQ Administrator to make sure that channels are set up correctly and appropriately for their useage.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| KAKEZ |
| Posted: Fri Sep 26, 2003 6:04 am Post subject: |
|
|
Centurion
Joined: 10 Oct 2002
Posts: 117
|
- so you think that the clnt appli calling MQCONNX has just to give the main information in the MQCD like:
+ channel name
+ connection name
+ transport type
to be able to connect to the corresponding svrconn defined on the server?
Jack |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Sat Sep 27, 2003 4:23 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
| KAKEZ wrote: |
- so you think that the clnt appli calling MQCONNX has just to give the main information in the MQCD like:
+ channel name
+ connection name
+ transport type
to be able to connect to the corresponding svrconn defined on the server? |
Okay. That I don't know. I haven't worked with MQCONNX at all. Looking at the docs for it, it seems like you might have to fully specify the channel options that you are trying not to fully specify.
But the other way around this is to use a plain MQCONN, and use either an MQServer environment variable, or use a client connection table and MQCHLLIB and MQCHLTAB environment variables.
There's a whole manual for version 5.3 on Clients.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
|
|
