All authenticators must extend the base authenticator class:
class MyAuthenticator extends com.ibm.mqe.MQeAuthenticator
The following methods in the base class can be overridden:
- activateMaster()
- The
signature for this method is:
public byte[] activateMaster( boolean local ) throws Exception
It
is invoked on the queue manager that initiates access to a queue. The parameter
local indicates whether this is a local access; that is, the queue is on the
same queue manager, local == true, or a remote access, local == false. The
method should collect data to authenticate the queue manager or user and return
the data in a byte array. The data is passed to the activateSlave() method.
The activateMaster() method in the base class, MQeAuthenticator,
simply returns null. It does not throw any exceptions. Any exceptions thrown
by this method, in a subclass, are not caught by MQe itself, but are passed
back to the user's code and terminate the attempt to access the queue.
- activateSlave()
- The
signature for this method is:
public byte[] activateSlave( boolean local, byte data[] ) throws Exception
This
is invoked on the queue manager that owns the queue. The parameter local indicates
whether this is a local access, i.e. initiated on the same queue manager,
local == true, or a remote access, local == false. The parameter datacontains
the data returned by the activateMaster() method. The activateSlave() method
should validate this data. If it is satisfied with the data it should call
the setAuthenticatedID() method to set the name of the authenticated
entity, this indicates that the first stage of the authentication was successful.
It can then collect data to authenticate the local queue manager and return
it in a byte array. The data is passed to the slaveResponse() method.
If it is not satisfied with the data, it throws an exception indicating the
reason. The activateSlave() method in the base class, MQeAuthenticator,
checks whether the name of the authenticated entity has been set and if it
has, it logs the name; it then returns null. It does not throw any exceptions.
Any exceptions thrown by this method, in a subclass, are not caught by MQe
itself, but are passed back to the initiating queue manager where they are
re-thrown. MQe does not catch these exceptions on the initiating queue manager
and they are passed back to the user's code and will terminate the attempt
to access the queue.
- slaveResponse()
- The
signature for this method is:
public void slaveResponse( boolean local, byte data[] ) throws Exception
It
is invoked on the queue manager that initiates access to a queue. The local
parameter indicates whether this is a local access, local == true, or a remote
access, local == false. The parameter data contains the data returned by the
activateSlave() method. If it is satisfied with the data it should call the setAuthenticatedID() method
to set the name of the authenticated entity, this indicates that the second
stage of the authentication was successful. If the activateSlave() method
did not return any data, and the slaveResponse() method is satisfied with
this, it still calls setAuthenticatedID() to indicate success.
If it is not satisfied with the data, it throws an exception indicating the
reason. The slaveResponse() method in the base class, MQeAuthenticator,
simply returns null. It does not throw any exceptions. Any exceptions thrown
by this method, in a subclass, are not caught by MQe itself, but are passed
back to the user's code and terminate the attempt to access the queue.
Figure 1. The slaveResponse() method in MQeAuthenticator
When a queue is accessed locally, the three methods are invoked in sequence
on the local queue manager.