The com.ibm.mq.ipt.exit.SecurityExit class

This class and its public methods must be extended by the user-defined security exit to get access to some common data and allow some MQIPT initialization to take place. Before each method is called by MQIPT, some properties will be made available for the method to use. Their values can be retrieved by using the appropriate get methods defined in this class.

Methods

public int init(IPTTrace)
The following properties are available:
  • listener port
  • destination
  • destination port
  • version

The init method will be called by MQIPT when a route is started. On return from this method the security exit must be ready to validate a connection request. Valid possible return codes are ExitRc.OK or ExitRc.INIT_ERROR.

public int refresh(IPTTrace)
The following properties are available:
  • listener port
  • destination
  • destination port

The refresh method will be called by MQIPT when it has been asked to refresh itself by the IPT Administration Client. This action will usually be called when a property has been changed in the configuration file. MQIPT will load all the properties from the configuration file and determine which ones have been changed and whether a route needs to be restarted immediately, or whether it can wait until the next time MQIPT is restarted.

This method should perform a reload of any external data it uses (that is, data loaded during the init method). Valid possible return codes are ExitRc.OK or ExitRc.REFRESH_ERROR.

public void close(IPTTrace)
The following properties are available:
  • listener port
  • destination
  • destination port

The close() method will be called by MQIPT when it has been asked to stop by the IPT Administration Client. It should free up any system resource it has acquired during its operation. MQIPT will wait for this method to complete before shutting down.

This method will also be called if a security exit was enabled, but has now been disabled in the configuration file.

public SecurityExitResponse validate(IPTTrace)
The following properties are available:
  • listener port
  • destination
  • destination port
  • timeout
  • client IP address
  • client port address
  • channel name
  • queue manager name

The validate method will be called by MQIPT when it receives a connection request to validate. The channel name and queue manager name will not be available if the SSLProxyMode property has been enabled, as this feature is only used to tunnel SSL/TLS data and therefore the data usually obtained from the initial data flow will be unreadable.

The security exit must return a SecurityExitResponse object, containing the following information:

  • reason code (must be set)
  • new destination address (optional)
  • new destination listener port address (optional)
  • message (optional)

The reason code will determine if the connection will be accepted or rejected by MQIPT. The newDestination and newDestinationPort fields can optionally be set to define a new target queue manager. If you do not set these properties, the route Destination and DestinationPort properties defined in the configuration file will be used. Any message will be appended to the connection log file entry.

Supported methods for obtaining properties:

public int getListenerPort()
retrieves the route listener port - as defined by the ListenerPort property
public String getDestination()
retrieves the destination address - as defined by the Destination property
public int getDestinationPort()
retrieves the destination listener port address - as defined by the DestinationPort property
public String getClientIPAddress()
retrieves the IP address of the client making the connection request
public int getClientPortAddress()
retrieves the port address used by the client making the connection request
public int getTimeout()
retrieves the timeout value that MQIPT will wait for the security exit to validate a request - as defined by the SecurityExitTimeout property
public int getConnThreadID()
retrieves the connection thread ID handling the connection request, which is useful for debugging purposes
public String getChannelName()
retrieves the IBM® MQ channel name used in the connection request
public String getQMName()
retrieves the IBM MQ queue manager name used in the connection request
public boolean getTimedout()
can be used by the security exit to determine if the timeout has expired
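
The following is an added example, not IBM sample code: a security exit that accepts only channels named in an external list, reloads that list in refresh, and rejects whenever it cannot make a positive decision. The list path, the class name, the ExitRc.VALIDATE_ERROR constant, the SecurityExitResponse(int, String) constructor and the package of the companion classes are assumptions to check against your MQIPT release.

```java
import com.ibm.mq.ipt.exit.*;   // assumption: ExitRc, IPTTrace, SecurityExitResponse share this package
import java.nio.file.*;
import java.util.*;

public class ChannelAllowlistExit extends SecurityExit {
    // Hypothetical path: one permitted channel name per line.
    private static final Path LIST = Paths.get("allowed_channels.txt");
    // Assumption: name of the rejection reason code; use the one your release documents.
    private static final int REJECT = ExitRc.VALIDATE_ERROR;

    // Replaced as a whole so validate() never reads a half-loaded list.
    private volatile Set<String> allowed = Collections.emptySet();

    private boolean load() {
        try {
            Set<String> names = new HashSet<>();
            for (String line : Files.readAllLines(LIST)) {
                if (!line.trim().isEmpty()) names.add(line.trim());
            }
            allowed = names;
            return true;
        } catch (java.io.IOException e) {
            return false;   // previous list stays in force; caller reports the error code
        }
    }

    @Override public int init(IPTTrace t)    { return load() ? ExitRc.OK : ExitRc.INIT_ERROR; }
    @Override public int refresh(IPTTrace t) { return load() ? ExitRc.OK : ExitRc.REFRESH_ERROR; }
    @Override public void close(IPTTrace t)  { allowed = Collections.emptySet(); }

    @Override public SecurityExitResponse validate(IPTTrace t) {
        String channel = getChannelName();
        String who = getClientIPAddress() + ":" + getClientPortAddress();
        // Fail closed: with SSLProxyMode the channel name is unavailable, so nothing can match.
        if (channel == null || channel.isEmpty()) return reject("no channel name from " + who);
        if (!allowed.contains(channel)) {
            // The name is client-supplied; keep only MQ object-name characters before logging it.
            String safe = channel.replaceAll("[^A-Za-z0-9._/%]", "?");
            return reject("channel " + safe + " not permitted from " + who);
        }
        if (getTimedout()) return reject("validation timed out for " + who);
        // No new destination is set, so the route's Destination and DestinationPort apply.
        return new SecurityExitResponse(ExitRc.OK, "channel " + channel + " accepted");
    }

    private SecurityExitResponse reject(String msg) {
        // Assumption: (reason code, message) constructor; the message lands in the connection log.
        return new SecurityExitResponse(REJECT, msg);
    }
}
```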