Mapping credentials for a file server using exit classes
If you do not want to use the default credential mapping function of the protocol bridge agent, you can map user credentials in WebSphere® MQ File Transfer Edition to user credentials on the file server by writing your own user exit. WebSphere MQ File Transfer Edition provides a sample user exit that performs user credential mapping. If you configure credential mapping user exits, they take the place of the default credential mapping function.
Configuring protocol bridge credential user exits
About this task
- com.ibm.wmqfte.exitroutine.api.ProtocolBridgeCredentialExit, which allows a protocol bridge agent to transfer files to and from one default protocol file server
- com.ibm.wmqfte.exitroutine.api.ProtocolBridgeCredentialExit2, which allows you to transfer files to and from multiple endpoints if you have enabled the Version 7.0.4.1 function
The credential exits can be chained together in a similar manner to other user exits. The exits are called in the order that they are specified in using the protocolBridgeCredentialConfiguration property in the agent properties file. The initialize methods all return separately and if one or more returns a value of false, the agent does not start. The error is reported in the agent event log.
- If the method returns a value of USER_SUCCESSFULLY_MAPPED or USER_DENIED_ACCESS as the result code, this value is the returned result and the mapMQUserId methods of the subsequent exits are not called.
- If the method returns a value of NO_MAPPING_FOUND as the result code, the mqMQUserId method of the next exit is called.
- If there is no subsequent exit, the NO_MAPPING_FOUND result is returned.
- An overall result code of USER_DENIED_ACCESS or NO_MAPPING_FOUND is considered as a transfer failure by the bridge agent.
To run your exit, complete the following steps:
Procedure
- Compile the protocol bridge credential user exit.
- Create a Java™ archive (JAR) file containing the compiled exit and its package structure.
- Place the JAR file containing the exit class in the exits directory of the bridge agent. This directory is in the configuration_directory/coordination_queue_manager/agents/bridge_agent_name directory.
- Edit the property file of the protocol bridge agent to include the property protocolBridgeCredentialExitClasses. For the value of this property, specify a comma-separated list of classes that implement a protocol bridge credential exit routine. The exit classes are called in the order that they are specified in this list. For more information, see The agent.properties file.
- You can optionally specify the protocolBridgeCredentialConfiguration property. The value you specify for this property is passed in as a String object to the initialize() method of the exit classes specified by protocolBridgeCredentialExitClasses. For more information, see The agent.properties file.
- Start the protocol bridge agent with the fteStartAgent command.
Using the sample user exit
About this task
A sample protocol bridge credential exit is provided in the installation_directory/samples/protocolBridge directory and in the topic Sample protocol bridge credential user exit. This sample is based on the com.ibm.wmqfte.exitroutine.api.ProtocolBridgeCredentialExit interface.
The SampleCredentialExit.java exit reads a properties file that maps the MQMD user IDs associated with transfer requests to server user IDs and server passwords. The location of the properties file is taken from the protocol bridge agent property protocolBridgeCredentialConfiguration.
To run the sample user exit, complete the following steps: