Connect:Direct credentials file format
The ConnectDirectCredentials.xml file in the Managed File Transfer Agent configuration directory defines the user names and credential information that the Connect:Direct® agent uses to authorize itself with a Connect:Direct node.
The ConnectDirectCredentials.xml file must conform to the ConnectDirectCredentials.xsd schema. The ConnectDirectCredentials.xsd schema document is located in the MQ_INSTALLATION_PATH/mqft/samples/schema directory of the MQMFT installation. A sample ConnectDirectCredentials.xml file is located in the MQ_INSTALLATION_PATH/mqft/samples/credentials directory of the MQMFT installation.
The file ConnectDirectCredentials.xml is periodically reloaded by the agent and any valid changes to the file will affect the behavior of the agent. The default reload interval is 30 seconds. This interval can be changed by specifying the agent property xmlConfigReloadInterval in the agent.properties file.
Schema
The following schema describes which elements are valid in the ConnectDirectCredentials.xml file.
<?xml version="1.0" encoding="UTF-8"?> <!-- This schema defines the format of the XML file that is located in the agent properties directory of a Connect:Direct bridge agent. The XML file ConnectDirectCredentials.xml is used by the default credential validation of the Connect:Direct bridge. For more information, see the WebSphere MQ InfoCenter --> <schema targetNamespace="http://wmqfte.ibm.com/ConnectDirectCredentials" elementFormDefault="qualified" xmlns="http://www.w3.org/2001/XMLSchema" xmlns:tns="http://wmqfte.ibm.com/ConnectDirectCredentials" <!-- <?xml version="1.0" encoding="UTF-8"?> <tns:credentials xmlns:tns="http://wmqfte.ibm.com/ConnectDirectCredentials" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://wmqfte.ibm.com/ConnectDirectCredentials ConnectDirectCredentials.xsd"> <tns:agent name="CDAGENT01"> <tns:pnode name="cdnode*" pattern="wildcard"> <tns:user name="MUSR_.*" ignorecase="true" pattern="regex" cdUserId="bob" cdPassword="passw0rd" pnodeUserId="bill" pnodePassword="alacazam"> <tns:snode name="cdnode2" pattern="wildcard" userId="sue" password="foo"/> </tns:user> </tns:pnode> </tns:agent> </tns:credentials> --> <element name="credentials" type="tns:credentialsType"/> <complexType name="credentialsType"> <sequence> <element name="agent" type="tns:agentType" minOccurs="0" maxOccurs="unbounded"/> </sequence> </complexType <complexType name="agentType"> <sequence> <element name="pnode" type="tns:pnodeType" minOccurs="0" maxOccurs="unbounded"/> </sequence> <attribute name="name" type="string" use="required"/> </complexType> <complexType name="pnodeType"> <sequence> <element name="user" type="tns:userType" minOccurs="0" maxOccurs="unbounded"/> </sequence> <attribute name="name" type="string" use="required"/> <attribute name="pattern" type="tns:patternType" use="optional"/> </complexType <complexType name="userType"> <sequence> <element name="snode" type="tns:snodeType" minOccurs="0" maxOccurs="unbounded"/> </sequence> <attribute name="name" type="string" use="required"/> <attribute name="ignorecase" type="boolean" use="optional"/> <attribute name="pattern" type="tns:patternType" use="optional"/> <attribute name="cdUserId" type="string" use="optional"/> <attribute name="cdUserIdCipher" type="string" use="optional"/> <attribute name="cdPassword" type="string" use="optional"/> <attribute name="cdPasswordCipher" type="string" use="optional"/> <attribute name="pnodeUserId" type="string" use="optional"/> <attribute name="pnodeUserIdCipher" type="string" use="optional"/> <attribute name="pnodePassword" type="string" use="optional"/> <attribute name="pnodePasswordCipher" type="string" use="optional"/> </complexType> <complexType name="snodeType" <attribute name="name" type="string" use="required"/> <attribute name="pattern" type="tns:patternType" use="optional"/> <attribute name="userId" type="string" use="optional"/> <attribute name="userIdCipher" type="string" use="optional"/> <attribute name="password" type="string" use="optional"/> <attribute name="passwordCipher" type="string" use="optional"/> </complexType> <simpleType name="patternType"> <restriction base="string"> <enumeration value="regex"/> <enumeration value="wildcard"/> </restriction> </simpleType> </schema>
Understanding the ConnectDirectCredentials.xml file
The elements and attributes used in the ConnectDirectCredentials.xml file are described in the following list.
- <credentials>
- Group element containing elements that describe the credentials used by a Connect:Direct bridge agent to connect to a Connect:Direct node.
- <agent>
- Group element containing elements for <pnode> definitions for a named agent.
- <pnode>
- The primary node (PNODE) in the Connect:Direct transfer. This
node initiates the connection to the secondary node (SNODE).
Attribute Description name The name of the Connect:Direct node. The value of this attribute can be a pattern that matches many node names. pattern Specifies the type of pattern that is used for the value of the name attribute. Valid values for the pattern attribute are - wildcard - wildcards are used
- regex - Java regular expressions are used
- <user>
- The IBM MQ user that submits the transfer request.
Attribute Description name The user name that is used with Managed File Transfer. The value of this attribute can be a pattern that matches many user names. ignorecase Specifies whether the case of the name is ignored. Valid values for the ignorecase attribute are - true - the name is not case sensitive
- false - the name is case sensitive
pattern Specifies the type of pattern that is used for the value of the name attribute. Valid values for the pattern attribute are - wildcard - wildcards are used
- regex - Java regular expressions are used
cdUserId or cdUserIdCipher The user name that is used by the Connect:Direct bridge to connect to its associated Connect:Direct node. If the fteObfuscate command has been used then the cipher version of the attribute must be used. cdPassword or cdPasswordCipher The password associated with the user name specified by the cdUserId attribute. If the fteObfuscate command has been used then the cipher version of the attribute must be used. pnodeUserId or pnodeUserIdCipher The user name that is used by the Connect:Direct primary node. If the fteObfuscate command has been used then the cipher version of the attribute must be used. pnodePassword or pnodePasswordCipher The password associated with the user name specified by the pnodeUserId attribute. If the fteObfuscate command has been used then the cipher version of the attribute must be used. - <snode>
- The Connect:Direct node
that performs the role of secondary node (SNODE) during the Connect:Direct file transfer.
Attribute Description name The name of the Connect:Direct node. The value of this attribute can be a pattern that matches many node names. pattern Specifies the type of pattern that is used for the value of the name attribute. Valid values for the pattern attribute are - wildcard - wildcards are used
- regex - Java regular expressions are used
userId or userIdCipher The user name used to connect to this node during a file transfer. If the fteObfuscate command has been used then the cipher version of the attribute must be used. password or passwordCipher The password associated with the user name specified by the userId attribute. If the fteObfuscate command has been used then the cipher version of the attribute must be used.
Example
In this example, the Connect:Direct bridge agent connects to the Connect:Direct node pnode1. When an IBM MQ user with the user name beginning with the prefix fteuser followed by a single character, for example fteuser2, requests a transfer involving the Connect:Direct bridge, the Connect:Direct bridge agent will use the user name cduser and the password passw0rd to connect to the Connect:Direct node pnode1. When the Connect:Direct node pnode1 performs its part of the transfer it uses the user name pnodeuser and the password passw0rd1.
If the secondary node in the Connect:Direct transfer has a name that begins with the prefix FISH, the node pnode1 uses the user name fishuser and the password passw0rd2 to connect to the secondary node. If the secondary node in the Connect:Direct transfer has a name that begins with the prefix CHIPS, the node pnode1 uses the user name chipsuser and the password passw0rd3 to connect to the secondary node.
<?xml version="1.0" encoding="UTF-8"?> <tns:credentials xmlns:tns="http://wmqfte.ibm.com/ConnectDirectCredentials" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://wmqfte.ibm.com/ConnectDirectCredentials ConnectDirectCredentials.xsd"> <tns:agent name="CDAGENT01"> <tns:pnode name="pnode1" pattern="wildcard"> <tns:user name="fteuser?" pattern="wildcard" ignorecase="true" cdUserId="cduser" cdPassword="passw0rd" pnodeUserId="pnodeuser" pnodePassword="passw0rd1"> <tns:snode name="FISH*" pattern="wildcard" userId="fishuser" password="passw0rd2"/> <tns:snode name="CHIPS*" pattern="wildcard" userId="chipsuser" password="passw0rd3"/> </tns:user> </tns:pnode> </tns:agent> </tns:credentials>