Mapping credentials for a file server by using exit classes
If we do not want to use the default credential mapping function of the protocol bridge agent, we can map user credentials in Managed File Transfer to user credentials on the file server by writing your own user exit. If you configure credential mapping user exits, they take the place of the default credential mapping function.
About this task
Managed File Transfer provides a sample user exit that performs user credential mapping. For more information, see Use the sample protocol bridge credential user exit.
A user exit for mapping protocol bridge credentials must implement one of the following interfaces:
- com.ibm.wmqfte.exitroutine.api.ProtocolBridgeCredentialExit, which allows a protocol bridge agent to transfer files to and from one default protocol file server
- com.ibm.wmqfte.exitroutine.api.ProtocolBridgeCredentialExit2, which allows you to transfer files to and from multiple endpoints.
The com.ibm.wmqfte.exitroutine.api.ProtocolBridgeCredentialExit2 interface contains the same function as com.ibm.wmqfte.exitroutine.api.ProtocolBridgeCredentialExit and also includes extended function. For more information, see ProtocolBridgeCredentialExit.java interface and ProtocolBridgeCredentialExit2.java interface.
The credential exits can be chained together in a similar manner to other user exits. The exits are called in the order that they are specified in using the protocolBridgeCredentialConfiguration property in the agent properties file. The initialize methods all return separately and if one or more returns a value of false, the agent does not start. The error is reported in the agent event log.
Only one overall result is returned for the mapMQUserId methods of all of the exits as follows:
- If the method returns a value of USER_SUCCESSFULLY_MAPPED or USER_DENIED_ACCESS as the result code, this value is the returned result and the mapMQUserId methods of the subsequent exits are not called.
- If the method returns a value of NO_MAPPING_FOUND as the result code, the mqMQUserId method of the next exit is called.
- If there is no subsequent exit, the NO_MAPPING_FOUND result is returned.
- An overall result code of USER_DENIED_ACCESS or NO_MAPPING_FOUND is considered as a transfer failure by the bridge agent.
To run your exit, complete the following steps:
Procedure
- Compile the protocol bridge credential user exit.
- Create a Java archive (JAR) file that contains the compiled exit and its package structure.
- Place the JAR file that contains the exit class in the exits directory of the bridge agent. The directory is in the MQ_DATA_PATH/mqft/config/coordination_queue_manager/agents/bridge_agent_name directory.
- Edit the property file of the protocol bridge agent to include the property protocolBridgeCredentialExitClasses. For the value of this property, specify a comma-separated list of classes that implement a protocol bridge credential exit routine. The exit classes are called in the order that they are specified in this list. For more information, see The MFT agent.properties file.
- Edit the property file of the protocol bridge agent to include:
exitClassPath=IBM MQ installation_directory\mqft\config\configuration_queue_manager\agents\protocol_bridge_agent_name\exits\SampleCredentialExit.jarThe agent.properties file for an agent is in your MQ_DATA_PATH/mqft/config/coordination_qmgr_name/agents/bridge_agent_name directory.
If we change the agent.properties file, we must restart the agent to pick up the changes.
- We can optionally specify the protocolBridgeCredentialConfiguration property. The value that you specify for this property is passed in as a String object to the initialize() method of the exit classes specified by protocolBridgeCredentialExitClasses. For more information, see The MFT agent.properties file.
- Start the protocol bridge agent with the fteStartAgent command.
- Use the sample protocol bridge credential user exit
Managed File Transfer provides a sample user exit that performs user credential mapping.Parent topic: Mapping credentials for a file server