开发者

What is MQSecurityExit in WebSphere MQ Java classes?

I am trying to find some documentation on what is MQSecurityExit and how do we actually implement it in Java. I just have a very little idea on this - like I believe it's for authenticating MQ client to MQ provider. But don't know how this fits in开发者_如何转开发 overall security architecture of WebSphere MQ.


An exit is a point in the vendor code that calls out to user or 3rd party code to perform custom functions. WebSphere MQ provides security exit points at both the server and at the client. A common use for a security exit is that after authenticating the connection, the exit sets the MCAUSER field in the channel to the user ID that was resolved in the authentication. Authorization is performed against this value.

A stand-alone server-side exit can authenticate connections based on data passed in the connection request. The most common items used by a server-side exit are SSL certificate details, user credentials passed from the client and IP connection information.

A client/server exit pair can do any arbitrarily complex authentication. For example, the client-side exit can prompt the user for ID and password, encrypt these and then forward to the server-side exit for validation. There is an SSPI exit pair supplied with the Windows version of WMQ that authenticates using Kerberos tokens.

Server-side exits must be written in C. In v6.0 and prior versions of WebSphere MQ you were required to write channel exits in C as well. As of v7 it is possible to write channel exits in Java as described in the documentation here. Note that client channel exits are most useful when paired with a server-side exit. For example, it would not do much good for a client channel exit to supply authentication credentials if there is no server-side exit to do something with them.

Additional information on exits is available in the Intercommunications manual.
A well known example of a server-side exit is BlockIP2.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜