User identification

This topic describes how user IDs are propagated in messages when interoperating with WebSphere® MQ using a WebSphere MQ server.

Service integration messages contain two user identifiers:

WebSphere MQ can be configured to set the ‘user identifier' field of the WebSphere MQ message descriptor (MQMD) from the system user identifier used in the service integration message. However, there is only a single field for user identifiers in the MQMD. Additional processing is required to preserve the service integration application user identifier when interoperating with WebSphere MQ using a WebSphere MQ server. If the destination permits the use of RFH2 headers, the application user identifier present in the message will be placed into the 'sib' folder of the RFH2 header using a key of 'jsApiUserId'.

When a message is received from queue points or mediations points localized on a WebSphere MQ server bus member then, depending on whether the associated WebSphere MQ server definition permits the user identifiers to be trusted, the following actions are carried out:
Consider an example where the following objects have been configured: If you configured these objects, when a message is received from Q1, the user identifier is always set to QM1 (ignoring the user identifier that exists in the message). This happens because the WebSphere MQ server bus member does not trust the user identifiers received in inbound messages, instead it always uses the name of the WebSphere MQ server that the message is received from.

Regardless of how the system user identifier of the service integration message is set, the application user identifier is always set from the 'jsApiUserId' RFH2 value. If this is not present, either because the value pair is not present in the 'sib' folder of the RFH2 header, or because the message does not have a RFH2 header, then this field will not be set.

As security user identifiers are transported in the MQMD message descriptor, they are limited to 12 characters in length. Longer user identifiers are truncated.




Related concepts
WebSphere MQ server - connection and authentication
Related tasks
Creating a WebSphere MQ server definition
Related reference
createSIBWMQServer command
Concept topic Concept topic    

Terms and conditions for information centers | Feedback

Last updatedLast updated: Aug 30, 2013 4:53:43 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=pix&product=was-base-dist&topic=cjfp0017_
File name: cjfp0017_.html