| Author |
Message
|
| kumar.shanj |
 Posted: Thu Jun 19, 2014 5:56 am Post subject: How to configure SecurityIdentity value for File Output node |
 |
|
Apprentice
Joined: 18 Nov 2010
Posts: 49
|
How to configure SecurityIdentity value for File Output node in Websphere Message Broker.
I am trying to pass dynamic value to SecurityIdentity in FTP rather than hard coding the value so that we can decide the value in runtime.
I am trying to set security identity value in runtime to attribute "OutputLocalEnvironment.Destination.File.Remote.SecurityIdentity", but File Output node is not taking the dynamic value set to above mentioned attribute.
Any advice on correct attrinbute name on LocalEnvironment for SecurityIdentity will be really appreciated.
Thanks in advance
Last edited by kumar.shanj on Thu Jun 19, 2014 6:24 am; edited 1 time in total |
|
| Back to top |
|
 |
| Vitor |
| Posted: Thu Jun 19, 2014 6:05 am Post subject: Re: How to configure SecurityIdentity value for File Output |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| kumar.shanj wrote: |
| I am trying to set security identity value in runtime to attribute "OutputLocalEnvironment.Destination.File.Remote.ServerDirectory", but File Output node is not taking the dynamic value set to above mentioned attribute. |
Have you remembered to change the mode setting on the Compute Node where you use that ESQL so that the LocalEnvironment is propagated along with the message?
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| kumar.shanj |
| Posted: Thu Jun 19, 2014 6:19 am Post subject: |
|
|
Apprentice
Joined: 18 Nov 2010
Posts: 49
|
Hello,
Yes, i have changed the mode in compute node as "All" and have validated by enabling debug mode and by writing to trace node.
Security Identity value is correctly set to attribute "OutputLocalEnvironment.Destination.File.Remote.SecurityIdentity".
My doubt is whether i setting the value to correct attribute in LocalEnvrionment variable.
Please suggest correct attribute name for SecurityIdentity in FileOutput node.
Last edited by kumar.shanj on Thu Jun 19, 2014 6:47 am; edited 1 time in total |
|
| Back to top |
|
|
| Vitor |
| Posted: Thu Jun 19, 2014 6:32 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| kumar.shanj wrote: |
| My doubt is whether i setting the value to correct attribute in LocalEnvrionment variable. |
This is what I get for not reading your original post carefully. 
| kumar.shanj wrote: |
| Please suggest correct atrribute name for SecurityIdentity in FileOutput node. |
All the possible values for the LocalEnvironment tree in connection with a file node are given here or the equivalent page for the version you're using.
I don't see a value for Security Identity.
How did you determine you could provide it dynamically at run time? Where are you storing it as (given the dynamic nature) you don't want a list of values hard coded into the ESQL and how secure is that storage?
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| kumar.shanj |
| Posted: Thu Jun 19, 2014 7:05 am Post subject: |
|
|
Apprentice
Joined: 18 Nov 2010
Posts: 49
|
I want to set different value for Security Identity to transfer files to 2 different sftp servers based on value in input message.
ie if input message has details for SFTP Server - A, then Security Identity of SFTP Server - A should be passed to File output node.
In case of input message has details for SFTP Server - B, then Security Identity of SFTP Server - B should be passed to File output node.
Kindly advise whether we can pass the value for Security Identity from compute node to File Output node or not. If Yes, advise on complete attribute path to which identity value need to set in compute node to File output node. |
|
| Back to top |
|
|
| Vitor |
| Posted: Thu Jun 19, 2014 7:14 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| kumar.shanj wrote: |
| Kindly advise whether we can pass the value for Security Identity from compute node to File Output node or not. If Yes, advise on complete attribute path to which identity value need to set in compute node to File output node. |
Kindy read what I said in my previous reply, the link I provided and then think for a moment. 
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| kumar.shanj |
| Posted: Thu Jun 19, 2014 7:29 am Post subject: |
|
|
Apprentice
Joined: 18 Nov 2010
Posts: 49
|
Hello,
i did not find any link in your previous messages.
Please share any link for reference. |
|
| Back to top |
|
|
| Vitor |
| Posted: Thu Jun 19, 2014 7:59 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| kumar.shanj wrote: |
Hello,
i did not find any link in your previous messages.
Please share any link for reference. |
Did you look here:
| Vitor wrote: |
| All the possible values for the LocalEnvironment tree in connection with a file node are given here or the equivalent page for the version you're using. |
What did you think I meant when I said "here" I do believe blue is the international colour for a hyperlink? 
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| kumar.shanj |
| Posted: Thu Jun 19, 2014 8:08 am Post subject: |
|
|
Apprentice
Joined: 18 Nov 2010
Posts: 49
|
Hi Vitor,
Thanks for the link.
But link do not have details for how to override "SecurityIdentity" in File ouput node for FTP.
I am trying to find whether override of "SecurityIdentity" is possible or not. |
|
| Back to top |
|
|
| Vitor |
| Posted: Thu Jun 19, 2014 8:54 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| kumar.shanj wrote: |
| I am trying to find whether override of "SecurityIdentity" is possible or not. |
| Vitor wrote: |
All the possible values for the LocalEnvironment tree in connection with a file node are given here or the equivalent page for the version you're using.
I don't see a value for Security Identity |
So if I tell you that all the possible values are given in the link, and that I don't see Security Identity there, and then you don't see Security Identity there, and you know because I've told you that it's a list of all the possible overrides, and that's doesn't indicate to you that the value can't be overriden.
I give up.
I don't think IBM have provided a list of everything that you can't do with the product. That's they're bad and you should use the feedback link to complain how confusing and incomplete you find the documentation.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Thu Jun 19, 2014 3:17 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
You need to add a policy that propagates the security entity to your ftp node.
This is done either on the node or on the bar file...
Have fun 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| aggarwal.intouch |
| Posted: Thu Jun 19, 2014 11:03 pm Post subject: |
|
|
Acolyte
Joined: 30 May 2011
Posts: 56
Location: India
|
|
| Back to top |
|
|
| aggarwal.intouch |
| Posted: Thu Jun 19, 2014 11:06 pm Post subject: |
|
|
Acolyte
Joined: 30 May 2011
Posts: 56
Location: India
|
|
| Back to top |
|
|
| kumar.shanj |
| Posted: Fri Jun 20, 2014 1:23 am Post subject: |
|
|
Apprentice
Joined: 18 Nov 2010
Posts: 49
|
Thanks All for support.
I achieved it to pass the value dynamically to File output node.
I configured using command :
mqsicreateconfigurableservice <BrokerName> -c FtpServer -o <ServiceName> -n serverName,protocol,scanDelay,transferMode,connectionType,securityIdentity,remoteDirectory -v <ServerIP>:<Port>,<FTP/SFTP>,20,BINARY,ACTIVE,<SecurityIdentity>,<RemtoteDirectory>
and then used <ServiceName> to variable using
SET OutputLocalEnvironment.Destination.File.Remote.Server = <ServiceName> ; |
|
| Back to top |
|
|
|
|
