Can MQIPT be configured to authenticate the credentials set by MQ client for a specific connection
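Scenario: MQIPT is used between an MQ client and an MQ server version 8.
Is it possible to authenticate the credentials sent along with the MQIPT channel connection? I checked the documentation and it seems it cannot be done unless some kind of security exit is written for it.
Just wanted to hear everyone's thoughts on this and, if it is possible, how to implement it.
Thanks.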
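The MQIPT com.ibm.mq.ipt.exit.SecurityExit and com.ibm.mq.ipt.exit.CertificateExit classes do not expose the client channel's username and password information. Below is IBM's documentation on these two exit types.
The com.ibm.mq.ipt.exit.SecurityExit class is documented in the IBM v9.0 Knowledge Center with the following information: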
public SecurityExitResponse validate(IPTTrace)
The following properties are available:
- listener port
- destination
- destination port
- timeout
- client IP address
- client port address
- channel name
- queue manager name
The validate method will be called by MQIPT when it receives a
connection request to validate. The channel name and queue manager
name will not be available if the SSLProxyMode property has been
enabled, as this feature is only used to tunnel SSL/TLS data and
therefore the data usually obtained from the initial data flow will be
unreadable.
The com.ibm.mq.ipt.exit.CertificateExit class is documented in the IBM v9.0 Knowledge Center with the following information:
Supported methods for obtaining properties:
public int getListenerPort()
retrieves the route listener port - as defined by the ListenerPort
property
public String getDestination()
retrieves the destination address - as defined by the Destination
property
public int getDestinationPort()
retrieves the destination listener port address - as defined by the
DestinationPort property
public String getClientIPAddress()
retrieves the IP address of the client making the connection request
public int getClientPortAddress()
retrieves the port address used by the client making the connection
request
public boolean isSSLClient()
used to determine if the exit is being called as an SSL/TLS client or
SSL/TLS server. If this returns true, the exit is on the client side
of the connection, validating the certificate obtained from the
server. If this returns false, the exit is on the server side of the
connection, validating the certificate sent by the client. It is valid
for a route to act as both an SSL/TLS server and an SSL/TLS client,
decrypting and re-encrypting traffic. In this situation, although
there is a single exit class, some instances of the class will be
called as clients and some as servers. You can use isSSLClient to
determine the situation for a given instance.
public int getConnThreadID()
used to retrieve the ID of the worker thread that is handling the
connection request, which can be useful for debugging.
public String getChannelName()
retrieves the IBM® MQ channel name that is used in the connection
request. This is available only when the incoming request is not using
SSL/TLS and MQIPT is acting as an SSL/TLS client.
public String getQMName()
retrieves the name of the IBM MQ queue manager used in the connection
request. This is available only when the client request is not using
SSL/TLS and MQIPT is acting as an SSL/TLS client.
public boolean getTimedout()
used by the exit to determine if the timeout has expired.
public IPTCertificate getCertificate()
retrieves the SSL/TLS certificate that needs to be validated.
public String getExitData()
retrieves the exit data, as defined by the SSLExitData property.
public String getExitName()
retrieves the exit name, as defined by the SSLExitName property.
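The decision an exit can make from the properties listed above, as an added example that is not part of the original answer and is not IBM's code. `Request`, `Decision`, `decide` and the allowlist values are hypothetical stand-ins for this sketch; it models only the documented inputs (client IP address, channel name, queue manager name) and treats the names as null when SSLProxyMode hides them.

```java
import java.util.List;
import java.util.Set;

// Added illustration: stand-in for the accept/reject logic of an MQIPT security exit.
public class RoutePolicyDemo {
    // Hypothetical holder for the documented connection properties.
    // There is no user ID or password field: the exit is not given one.
    record Request(String clientIp, String channelName, String qmName) {}

    enum Decision { ACCEPT, REJECT }

    // Constructed allowlist values (assumptions for this example).
    static final Set<String> ALLOWED_CHANNELS = Set.of("APP1.SVRCONN");
    static final Set<String> ALLOWED_QMGRS = Set.of("QM1");
    static final String ALLOWED_IP_PREFIX = "10.20.";

    static Decision decide(Request r) {
        // With SSLProxyMode enabled the channel and queue manager names are
        // not available (modelled as null). Fail closed instead of skipping the check.
        if (r.channelName() == null || r.qmName() == null) {
            return Decision.REJECT;
        }
        if (r.clientIp() == null || !r.clientIp().startsWith(ALLOWED_IP_PREFIX)) {
            return Decision.REJECT;
        }
        // Trim defensively before comparing names.
        boolean channelOk = ALLOWED_CHANNELS.contains(r.channelName().trim());
        boolean qmOk = ALLOWED_QMGRS.contains(r.qmName().trim());
        return (channelOk && qmOk) ? Decision.ACCEPT : Decision.REJECT;
    }

    public static void main(String[] args) {
        // Constructed sample requests.
        List<Request> samples = List.of(
            new Request("10.20.1.15", "APP1.SVRCONN", "QM1"),    // matches every rule
            new Request("10.20.1.15", "SYSTEM.DEF.SVRCONN", "QM1"), // channel not allowed
            new Request("192.0.2.7", "APP1.SVRCONN", "QM1"),     // address not allowed
            new Request("10.20.1.15", null, null));              // names hidden by TLS tunnel
        for (Request r : samples) {
            System.out.println(r + " -> " + decide(r));
        }
    }
}
```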