Mapping credentials for a file server using exit classes
If you do not want to use the default credential mapping function of the protocol bridge agent, you can map user credentials in WebSphere® MQ Managed File Transfer to user credentials on the file server by writing your own user exit. WebSphere MQ Managed File Transfer provides a sample user exit that performs user credential mapping. If you configure credential mapping user exits, they take the place of the default credential mapping function.
Configuring protocol bridge credential user exits
About this task
com.ibm.wmqfte.exitroutine.api.ProtocolBridgeCredentialExit
, which allows a protocol bridge agent to transfer files to and from one default protocol file servercom.ibm.wmqfte.exitroutine.api.ProtocolBridgeCredentialExit2
, which allows you to transfer files to and from multiple endpoints.
com.ibm.wmqfte.exitroutine.api.ProtocolBridgeCredentialExit2
interface
contains the same function as com.ibm.wmqfte.exitroutine.api.ProtocolBridgeCredentialExit
and
also includes extended function. For more information, see ProtocolBridgeCredentialExit.java interface and ProtocolBridgeCredentialExit2.java interface.The credential exits can
be chained together in a similar manner to other user exits. The exits
are called in the order that they are specified in using the protocolBridgeCredentialConfiguration
property
in the agent properties file. The initialize methods all return separately
and if one or more returns a value of false, the agent does not start.
The error is reported in the agent event log.
- If the method returns a value of USER_SUCCESSFULLY_MAPPED or USER_DENIED_ACCESS as the result code, this value is the returned result and the mapMQUserId methods of the subsequent exits are not called.
- If the method returns a value of NO_MAPPING_FOUND as the result code, the mqMQUserId method of the next exit is called.
- If there is no subsequent exit, the NO_MAPPING_FOUND result is returned.
- An overall result code of USER_DENIED_ACCESS or NO_MAPPING_FOUND is considered as a transfer failure by the bridge agent.
To run your exit, complete the following steps:
Procedure
- Compile the protocol bridge credential user exit.
- Create a Java archive (JAR) file containing the compiled exit and its package structure.
- Place the JAR file containing the exit class in the exits directory of the bridge agent. This directory is in the MQ_DATA_PATH/mqft/config/coordination_queue_manager/agents/bridge_agent_name directory.
- Edit the property file of the protocol bridge agent to
include the property
protocolBridgeCredentialExitClasses
. For the value of this property, specify a comma-separated list of classes that implement a protocol bridge credential exit routine. The exit classes are called in the order that they are specified in this list. For more information, see The agent.properties file. - You can optionally specify the
protocolBridgeCredentialConfiguration
property. The value you specify for this property is passed in as a String object to the initialize() method of the exit classes specified byprotocolBridgeCredentialExitClasses
. For more information, see The agent.properties file. - Start the protocol bridge agent with the fteStartAgent command.
Using the sample user exit
About this task
A sample protocol bridge credential exit is provided in
the MQ_INSTALLATION_PATH/mqft/samples/protocolBridge directory
and in the topic Sample protocol bridge credential user exit. This sample is based on the com.ibm.wmqfte.exitroutine.api.ProtocolBridgeCredentialExit
interface.
The SampleCredentialExit.java exit
reads a properties file that maps the MQMD user IDs associated with
transfer requests to server user IDs and server passwords. The location
of the properties file is taken from the protocol bridge agent property protocolBridgeCredentialConfiguration
.
To run the sample user exit, complete the following steps: