Restricting AMQP client takeover
When an AMQP client connection is made that has the same client identifier as an existing AMQP client connection, the existing client connection is disconnected by default. However, we can configure the queue manager to restrict the client takeover behavior so that takeover is possible only when certain criteria are met.
For example, disconnecting the existing client connection might not be appropriate if there are AMQP applications being developed by different teams and they happen to be using the same client ID. To address this issue we can restrict client takeover based on the name of the AMQP channel being used, the IP address of the client, and client User ID (when SASL authentication is enabled).
Use the settings of queue manager attributes AdoptNewMCA and AdoptNewMCACheck to specify the required level of client takeover restriction, as detailed in the following table:
AdoptNewMCA AdoptNewMCACheck Criteria checked before client takeover is allowed NO or undefined Not applicable None. Client takeover is allowed for all client connections that are authenticated and pass all CHLAUTH rules. ALL (or value other than NO) QM or undefined None. Client takeover is allowed for all client connections that are authenticated and pass all CHLAUTH rules. ALL (or value other than NO) NAME User ID (when SASL enabled)
Channel nameALL (or value other than NO) ADDRESS User ID (when SASL enabled)
IP addressALL (or value other than NO) ALL User ID (when SASL enabled)
Channel name
IP addressThe queue manager attributes AdoptNewMCA and AdoptNewMCACheck are part of the queue manager configuration, which is defined in the CHANNELS stanza. On IBM MQ for Windows and IBM MQ for Linux x86-64 systems, modify configuration information using the IBM MQ Explorer. On other systems, modify the information by editing the qm.ini configuration file. For information about how to modify the queue manager channels information, see Attributes of channels.
Parent topic: Securing AMQP clients
Related information