This article is the second in a series of articles about IBM MQ and explains how MQ security features are designed to allow only permit connections from authorized application. In my first article, The interaction of CHLAUTH and CONNAUTH in IBM MQ I covered the sequence of steps performed by the queue manager when a client application requests to connect.

In this article I will demonstrate how applications can be coded to supply the user credentials. Examples will be shown for both the C and JMS languages. For both lnguages the credentials are passed to the connection call.

Passing user credentials from a C application
In C and most other languages the user credentials are passed to MQ using the MQCONNX API. The MQCNO structure supplied must be at version 5 or above and the MQCNO.SecurityParmsPtr field is pointing to a MQSCP control block. The MQSCP must have pointers to the user ID and password, and the MQCSP.AuthenticationType field has to have the value MQCSP_AUTH_USER_ID_AND_PWD. Example 1 shows C code that demonstrates passing a user ID and password to the MQCONNX call.

Example 1: Passing in a user ID and password in C.

       MQCNO cno = {MQCNO_DEFAULT};
       MQCNO cno = {MQCNO_DEFAULT};
       MQCSP csp = {MQCSP_DEFAULT};

       MQHCONN Hcon;
       MQLONG CompCode;
       MQLONG CReason;
       char QMName[50];
       char UserId(50];
       char Password[MQ_CSP_PASSWORD_LENGTH + 1] = {0}; /* For auth */

       strncpy(QMName, “demo”, 50);
       strncpy(UserId, “userABC”, 50);

       // Set the connection options to use the security structure and
       // set version information to ensure the structure is processed.

       cno.SecurityParmsPtr = &csp;
       cno.Version = MQCNO_VERSION_5;

       csp.AuthenticationType = MQCSP_AUTH_USER_ID_AND_PWD;
       csp.CSPUserIdPtr = UserId;
       csp.CSPUserIdLength = strlen(UserId);

       // Set the password.
       strncpy(Password, “secret”, 50);
       csp.CSPPasswordPtr = Password;
       csp.CSPPasswordLength = strlen(csp.CSPPasswordPtr);

       MQCONNX(QMName, &cno, &Hcon, &CompCode, &CReason);


Passing user credentials from a JMS application
As JMS is an industry standard and user credentials must be supplied to the JmsConnectionFactory before the createConnection method is invoked. IBM MQ’s implementation of the JMS specification will then provide the required information to the queue manager to authenticate and application. Example 2 shows JMS code that demonstrates passing a user ID and password to the connection factory.

Example 2: Passing in a user ID and password in JMS.

       Connection connection = null;

       try {
         // Create a connection factory
         JmsFactoryFactory ff = JmsFactoryFactory.getInstance(WMQConstants.WMQ_PROVIDER);
         JmsConnectionFactory cf = ff.createConnectionFactory();

         // Set the properties
         cf.setStringProperty(WMQConstants.WMQ_HOST_NAME, “localhost”);
         cf.setIntProperty(WMQConstants.WMQ_PORT, 1414);
         cf.setStringProperty(WMQConstants.WMQ_CHANNEL, “DEMO.CHANNEL”);
         cf.setIntProperty(WMQConstants.WMQ_CONNECTION_MODE, WMQConstants.WMQ_CM_CLIENT);
         cf.setStringProperty(WMQConstants.WMQ_QUEUE_MANAGER, “demo”);
         cf.setStringProperty(WMQConstants.USERID, “userABC”);
         cf.setStringProperty(WMQConstants.PASSWORD, “secret”);
         cf.setBooleanProperty(WMQConstants.USER_AUTHENTICATION_MQCSP, true);

         // Make the connection
         connection = cf.createConnection();
       }
       catch (JMSException jmsex) {
         System.out.println(jmsex);
       }
       finally {
         if (connection != null) {
           try {
             connection.close();
           }
           catch (JMSException jmsex) {
             System.out.println(“Connection could not be closed.”);
             System.out.println(jmsex);
           }
         }
       }


Conclusion
In this article I have shown examples of supplying user credentials from C and JMS languages. If you are using another language to connect to MQ you can follow the C paradigm. In the next article I will demonstrate how a C application can for inquire the Windows domain that is supplied in the user credentials.

Resources
The following links are provided to give more information the topics covered:

For more information on IBM MQ and to download a trial version please visit the IBM MQ web page.

2 comments on"Specifying User Name and Password from a MQ Application"

  1. How do you specify Username and Password for a C++ application ?

  2. Vivek Vhatkar January 25, 2017

    How do you provide the userid and password when I need to obtain the QueueConnectionFactory via jndi lookup on the QueueConnectionFactory configured in Websphere, Weblogic or a similar such application server.

Join The Discussion

Your email address will not be published.