Mapping credentials for a file server using exit classes
If you do not want to use the default credential mapping function of the protocol bridge agent, you can map user credentials in IBM® MQ Managed File Transfer to user credentials on the file server by writing your own user exit. IBM MQ Managed File Transfer provides a sample user exit that performs user credential mapping. If you configure credential mapping user exits, they take the place of the default credential mapping function.
Configuring protocol bridge credential user exits
About this task
com.ibm.wmqfte.exitroutine.api.ProtocolBridgeCredentialExit
, which allows a protocol bridge agent to transfer files to and from one default protocol file servercom.ibm.wmqfte.exitroutine.api.ProtocolBridgeCredentialExit2
, which allows you to transfer files to and from multiple endpoints.
com.ibm.wmqfte.exitroutine.api.ProtocolBridgeCredentialExit2
interface
contains the same function as com.ibm.wmqfte.exitroutine.api.ProtocolBridgeCredentialExit
and
also includes extended function. For more information, see ProtocolBridgeCredentialExit.java interface and ProtocolBridgeCredentialExit2.java interface.The credential exits can
be chained together in a similar manner to other user exits. The exits
are called in the order that they are specified in using the protocolBridgeCredentialConfiguration
property
in the agent properties file. The initialize methods all return separately
and if one or more returns a value of false, the agent does not start.
The error is reported in the agent event log.
- If the method returns a value of USER_SUCCESSFULLY_MAPPED or USER_DENIED_ACCESS as the result code, this value is the returned result and the mapMQUserId methods of the subsequent exits are not called.
- If the method returns a value of NO_MAPPING_FOUND as the result code, the mqMQUserId method of the next exit is called.
- If there is no subsequent exit, the NO_MAPPING_FOUND result is returned.
- An overall result code of USER_DENIED_ACCESS or NO_MAPPING_FOUND is considered as a transfer failure by the bridge agent.
To run your exit, complete the following steps:
Procedure
Using the sample user exit
About this task
A sample protocol bridge credential exit is provided in
the MQ_INSTALLATION_PATH/mqft/samples/protocolBridge directory
and in the topic Sample protocol bridge credential user exit. This sample is based on the com.ibm.wmqfte.exitroutine.api.ProtocolBridgeCredentialExit
interface.
The SampleCredentialExit.java exit
reads a properties file that maps the MQMD user IDs associated with
transfer requests to server user IDs and server passwords. The location
of the properties file is taken from the protocol bridge agent property protocolBridgeCredentialConfiguration
.
To run the sample user exit, complete the following steps: