| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| WebSphere MQ - IMS interaction |
« View previous topic :: View next topic » |
| Author |
Message
|
| BDB |
 Posted: Mon Oct 04, 2010 7:47 pm Post subject: WebSphere MQ - IMS interaction |
 |
|
Apprentice
Joined: 06 Jan 2009
Posts: 28
|
Hi Guys,
Need some pointers from experts on board. I have a MQMgr (say Mgr1) installed on a Linux box. This has a remote queue defined that triggers a IMS transaction when a message is put into it. Our IMS transaction uses 'userid' field of the MQMD for authorization. This field needs to be passed with a RACF ID. Problem is our system load is approx 3500 users logged on the same time.
My attempts so far:
1. I am using Websphere MQ API using MQMessage and used accessQueue. But faced the problem where the userId I set is being overridden by application's (weblogic server's) id.
2. I then tried using Alternate User approach in accessQueue method and got a exception saying Unauthirized access (Dont remember the 20xx number).
My question:
1.what is the best way to tackle this issue?
It is impossible to add 3500 RACF IDs in a group or list , whatever that needs to be created since employees come and go. Don't want to deal with the userid maintainance.
2. Is there any safe/proven way to do this?
I also thought about Disabling Alternate UserId checking. Is it a good practice to follow?
Please let me know. Any help is greatly appreciated.
-BDB |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Mon Oct 04, 2010 8:12 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
The way to tackle the issue?
Well you talk about WebLogic and MQ API, but it would have helped greatly to clarify whether you meant using the JMS API or MQ Java Base API.
- JMS
On the JMS API, you can set this at the connection factory level in JNDI with a JAAS alias. You can also set the userid explicitely using the create connection method:
| Code: |
| Connection conn = cf.createConnection(userid, passwd); |
Java Base (see also c, c++,.NET etc...)
In Java Base API this is a little more sophisticated.
First you have to set the right pmo options on the message (set user context)
Then you have to set the right value on the message
Finally you put the message to the queue.
And of course in both cases you need the right authorizations on the queues (see setmqaut) otherwise you are likely to get a 2035 reason code in return.
Have fun 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| mqjeff |
| Posted: Tue Oct 05, 2010 2:07 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| Even in the Java base API, you may find that the userid gets overwritten with the process user id when using a bindings connection. |
|
| Back to top |
|
|
| Mr Butcher |
| Posted: Tue Oct 05, 2010 2:26 am Post subject: |
|
|
Padawan
Joined: 23 May 2005
Posts: 1716
|
i use a channel message exit that is setting the userid for incoming messages to a specific "technical" id (if you dont care for the real user id) which is known to RACF so IMS transactions run without problems.
_________________
Regards, Butcher |
|
| Back to top |
|
|
| BDB |
| Posted: Tue Oct 05, 2010 6:03 am Post subject: |
|
|
Apprentice
Joined: 06 Jan 2009
Posts: 28
|
| Mr Butcher wrote: |
| i use a channel message exit that is setting the userid for incoming messages to a specific "technical" id (if you dont care for the real user id) which is known to RACF so IMS transactions run without problems. |
Can you let me know or point me to a direction as to how to create a channel message exit? |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
