In this scenario, you can use a supplied sample security
exit, called SampleSecurityExit, so that only client connections that
use a channel name starting with the characters MQIPT. are allowed.
Add the Javabin subdirectory to the PATH environment variable.
About this task
The sample exit used in this scenario is SampleSecurityExit.java. It is
provided with MQIPT in the
samples/exits subdirectory of the MQIPT installation directory.
If you use the suggested server connection channel name of MQIPT.CONN.CHANNEL
(as used in most of these scenarios), the client connection will be allowed to complete and an
IBM MQ message can be placed on the queue.
To demonstrate that the security exit is working as expected, define another server connection
channel with any name that does not start with the characters MQIPT. (for example,
TEST.CONN.CHANNEL) and try the amqsputc command again, but
having changed the MQSERVER environment variable to use the new channel name.
This time the connection will be refused and a 2059 (MQRC_Q_MGR_NOT_AVAILABLE) error will be
returned.
This diagram shows the connection flow from the IBM MQ client (called client1.company1.com
on port 1415) through MQIPT to the IBM MQ server (called server1.company2.com
on port 1414).
Procedure
To use a security exit, complete the following steps:
On the MQIPT computer:
Create a directory called exits in the MQIPT home directory by issuing the following command in a
command prompt:
md C:\mqiptHome\exits
Enter the following commands to compile the exit. You do not have to do this if you
have not changed the exit code as the compiled sample exit is supplied with MQIPT.
C:
cd \mqipt\samples\exits
javac -classpath C:\mqipt\lib\com.ibm.mq.ipt.jar;. SampleSecurityExit.java
Enter the following command to copy the compiled exit class file
SampleSecurityExit.class to the C:\mqiptHome\exits
directory:
where
C:\mqiptHome indicates the location of the MQIPT configuration file, mqipt.conf, and
ipt1 is the name to be given to the instance of MQIPT.
The following messages indicate that MQIPT has
started
successfully:
5724-H72 (C) Copyright IBM Corp. 2000, 2024. All Rights Reserved
MQCPI001 IBM MQ Internet Pass-Thru V9.2.0.0 starting
MQCPI004 Reading configuration information from mqipt.conf
MQCPI152 MQIPT name is ipt1
MQCPI021 Password checking has been enabled on the command port
MQCPI011 The path C:\mqiptHome\logs will be used to store the log files
MQCPI006 Route 1415 has started and will forward messages to :
MQCPI034 ....server1.company2.com(1414)
MQCPI035 ....using MQ protocol
MQCPI079 ....using security exit C:\mqiptHome\exits\SampleSecurityExit
MQCPI080 ......and timeout of 30 seconds
MQCPI078 Route 1415 ready for connection requests
At a command prompt on the IBM MQ client
system, enter the following commands:
Set the MQSERVER environment variable:
SET MQSERVER=MQIPT.CONN.CHANNEL/tcp/10.9.1.2(1415)
Put a message:
amqsputc MQIPT.LOCAL.QUEUE MQIPT.QM1
Hello world
Press Enter twice after
typing the message string.