Home

 

Access control

Normal WebSphere MQ access control techniques apply to applications and brokers opening queues for Publish/Subscribe messages. These authorization checks are carried out using standard WebSphere MQ functions. The authority is tested before any message is sent to a particular identity after a broker restart, but not necessarily each subsequent time a message is put (see Streams).

Any application putting a message to the broker's SYSTEM.BROKER.CONTROL.QUEUE must have authorization to put messages to this queue.

A publisher must be authorized to put messages on the broker's appropriate stream queue.

Subscribers must be authorized to browse the broker's stream queue; this is checked by the broker because the subscriber does not try to open the broker's stream queue. In addition, a subscriber must have authority to put messages on the subscriber queue that the publications will be sent to.

There is no topic based security; the access check is for the stream and there are no further checks on topics within a particular stream.

 

Home