Scenario: Using a security exit

In this scenario, we can use a supplied sample security exit, called SampleSecurityExit, so that only client connections that use a channel name starting with the characters MQIPT. are allowed.

Before you begin

• Before you start to use this scenario, make sure that we have completed the prerequisite tasks listed in Scenarios: Getting started with MQIPT.
• Install Java 8.0 JDK.
• Add the Java bin subdirectory to the PATH environment variable.

About this task

If we use the suggested srvconn channel name of MQIPT.CONN.CHANNEL (as used in most of these scenarios), the client connection will be allowed to complete and an IBM MQ message can be placed on the queue.

To demonstrate that the security exit is working as expected, define another srvconn channel with any name that does not start with the characters MQIPT. (for example, TEST.CONN.CHANNEL) and try the amqsputc command again, but having changed the MQSERVER environment variable to use the new channel name. This time the connection will be refused and a 2059 error will be given.

This diagram shows the connection flow from the IBM MQ client (called client1.company1.com on port 1415) through MQIPT to the IBM MQ server (called server1.company2.com on port 1414).

Procedure

To use a security exit, complete the following steps:

1. On MQIPT1:
   1. Open a command prompt and enter the following commands:

      C:
      cd \mqipt\exits
      javac -classpath C:\mqipt\lib\com.ibm.mq.ipt.jar;. SampleSecurityExit.java

   2. Edit mqipt.conf and add a route definition:

      [route]
      ListenerPort=1415
      Destination=server1.company2.com
      DestinationPort=1414
      SecurityExit=true
      SecurityExitName=SampleSecurityExit

   3. Open a command prompt and start MQIPT:

      C:\mqipt\bin\mqipt C:\mqiptHome

      where C:\mqiptHome indicates the location of the MQIPT configuration file, mqipt.conf.The following message indicates successful completion:

      5639-L92 (C) Copyright IBM Corp. 2000, 2017 All Rights Reserved
      MQCPI001 IBM MQ Internet Pass-Thru Version 2.1.0.3 starting
      MQCPI004 Reading configuration information from C:\mqiptHome\mqipt.conf
      MQCPI011 The path C:\mqiptHome\logs will be used to store the log files
      MQCPI006 Route 1415 has started and will forward messages to :
      MQCPI034 ....server1.company2.com(1414)
      MQCPI035 ....using MQ protocols
      MQCPI079 ....using security exit C:\mqipt\exits\SampleSecurityExit
      MQCPI080 ......and timeout of 5 seconds
      MQCPI078 Route 1415 ready for connection requests

2. At a command prompt on the IBM MQ client, enter the following commands:
   1. Set the MQSERVER environment variable:

      SET MQSERVER=MQIPT.CONN.CHANNEL/tcp/10.9.1.2(1415)

   2. Put a message:

      amqsputc MQIPT.LOCAL.QUEUE MQIPT.QM1
      Hello world

      Press Enter twice after typing the message string.
   3. Get the message:

      amqsgetc MQIPT.LOCAL.QUEUE MQIPT.QM1

      The message, "Hello world" is returned.