| Author |
Message
|
| notoneword |
 Posted: Tue Nov 08, 2011 11:45 am Post subject: Any way to set Identity Context using PCFMessageAgent? |
 |
|
Apprentice
Joined: 17 May 2011
Posts: 37
|
Currently using PCFMessageAgent in our application to send/receive messages from queue managers. Have a requirement to pass the user id with these requests. I know that can be done using the PMO and MD.UserIdentifier, but is there anyway to do this using PCFMessageAgent that anyone knows of?
I've been reading the javadocs/API, and googling heavy w/ no results yet. |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Tue Nov 08, 2011 11:47 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
What type of connection are you using?
If you are using a channel, what is the mcaUser on the channel? 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| notoneword |
| Posted: Tue Nov 08, 2011 11:51 am Post subject: |
|
|
Apprentice
Joined: 17 May 2011
Posts: 37
|
We don't require that be set to anything.
basically looking to pass the userid of the user logged into our app, so setting a static value in the MCAUserIdentifier is not an option, I don't believe. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Tue Nov 08, 2011 11:52 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
You can write() a PCFMessage into an MQMessage.
You can likewise create an MQQueueManager object and MQMessage object and then construct PCFMessage and PCFMessageAgent objects using those. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Tue Nov 08, 2011 11:54 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| notoneword wrote: |
| We don't require that be set to anything. |
In fact, you really do.
If your channels do not have MCAUSER set on them, then your queue managers are entirely unsecure and wide open to full administration from anywhere that can reach them over the network.
That is to say, if you do not have tight control over channel security, implemented in part using MCAUSER, then your queue managers are wide open to all kinds of attacks.
And configuring things to rely on fields set in MQ messages is also completely untrustworthy. |
|
| Back to top |
|
|
| notoneword |
| Posted: Tue Nov 08, 2011 11:55 am Post subject: |
|
|
Apprentice
Joined: 17 May 2011
Posts: 37
|
@mqjeff: thanks for the tip!
@Grand Poobah: .. and we're using a client connection. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Tue Nov 08, 2011 1:35 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| notoneword wrote: |
@mqjeff: thanks for the tip!
@Grand Poobah: .. and we're using a client connection. |
Well part of your security setup should be an admin channel (pcf) with SSL and MCAUser. I'd go as far as to require SSL PEER.
Have fun
_________________
MQ & Broker admin |
|
| Back to top |
|
|
|
|
