Friday 15 May 2015

Using MessageBroker APIs

In this post, let's explore the Message Broker APIs.
Don't confuse this with the term “CMP” (ConfigManagerProxy): the two terms mean the same thing. In the initial versions of Message Broker it was called CMP; from WMB v7 onwards it is called the Message Broker API.
What is it used for?
If you want to control the broker and its resources such as EGs, JVM, etc., or even develop message flows with just Java code, you can use the Message Broker APIs provided by WMB in your application. You can also run CMP applications, and therefore control one or more broker components, from computers on which you have not installed IBM Integration Bus.
So, your application may be running on the same server as the broker, in which case the connectivity between them is Java Native Interface (JNI).
Your application may also be running on a remote server, in which case the connectivity between them is SVRCONN (JNI).
The best picture to explain this connectivity:

Now, let's jump into creating some samples using these APIs…
Let's first do some administrative tasks using these APIs. Some of the administrative tasks we can do with the APIs are deploying, navigating broker resources, setting user-defined properties at runtime, and working with Resource Manager statistics and Activity logs.
Add ConfigManagerProxy.jar from the path C:\Program Files\IBM\MQSI\9.0.0.1\classes to the Java build path of our class as an external JAR.
If we get the error below while connecting to the queue manager from the Java program, follow the steps shown in the solution.
But the “Radhamani” user already has full permission when checking the security in the QM!
From MQ 7.1, there is some default security.
A beautiful explanation of this concept:
The one on the bottom tells the QMgr "if someone tries to connect over a SVRCONN using an administrative user ID, block the connection in all cases."
To allow a connection from Broker Toolkit you have two choices as follows:
1.    Remove mqbrkrs from the mqm group. This allows it to connect without firing the CHLAUTH rule that blocks admin users. You will of course be required to grant authorization for the mqbrkrs group to all the broker and application queues to which it needs access since it is no longer an MQ admin.
2.    Override the CHLAUTH rule to allow the broker toolkit to connect as an admin on the SYSTEM.BROKER.CONFIG channel.
As a security specialist, I favor the first option. It is unavoidable that the MQ admin can administer the broker. However it is possible to avoid allowing the broker (and by extension all the broker flows) to administer the QMgr.
If, however, you wish to take the second route you'll need to override the CHLAUTH rule that blocks admin access. There are several ways to do this. You could delete the rule but that opens all your channels to admin connections. A more precise approach is to provide a rule just for the channel on which the administrator is to connect. For example:
SET CHLAUTH(SYSTEM.BKR.CONFIG) TYPE(BLOCKUSER) +
    USERLIST('*NOACCESS')
Since WMQ applies the most specific rule, the default rule is overridden by the new one but only for the SYSTEM.BKR.CONFIG channel. The BLOCKUSER rule syntax allows us to specify who to deny but not who to allow and it takes user IDs rather than group IDs. In order to allow admin access it is necessary to specify some ID that is not *MQADMIN. I picked *NOACCESS because it cannot be an actual user ID and is a reserved word used by WMQ elsewhere. You could as easily have used any user ID such as nobody or even mqm. (Blocking mqm would allow mqbrkrs but not mqm however since mqbrkrs is in the mqm group it would not restrict mqbrkrs from administering the QMgr.)
Finally, note that any channel which allows admin access should be strongly authenticated. If the only CHLAUTH rule you set is the one above, then anybody with a network route to the QMgr can connect on that channel by asserting the mqbrkrs user ID on the connection. Once connected, they would have full control over the QMgr and the ability to remotely, anonymously execute commands using the mqm or mqbrkrs user IDs. At the very least add a CHLAUTH rule to filter connections on this channel by IP address. Or, even better, use SSL and filter connections by the certificate distinguished name.

I have disabled Channel Authentication to solve this error:
DISPLAY QMGR CHLAUTH
DISPLAY QMGR CHLAUTH
AMQ8408: Display Queue Manager details.
   QMNAME(RadQM)                           CHLAUTH(ENABLED)
ALTER QMGR CHLAUTH(DISABLED)
ALTER QMGR CHLAUTH(DISABLED)
AMQ8005: WebSphere MQ queue manager changed.
REFRESH SECURITY
REFRESH SECURITY
AMQ8560: WebSphere MQ security cache refreshed.
DISPLAY QMGR CHLAUTH
 DISPLAY QMGR CHLAUTH
AMQ8408: Display Queue Manager details.
   QMNAME(RadQM)                           CHLAUTH(DISABLED)
End
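The quoted explanation's second option can be written as MQSC that keeps CHLAUTH enabled and scopes the exception to one channel, instead of switching channel authentication off for the whole queue manager as in the session above. This is an added example, not part of the original post or the quoted answer; the address 192.0.2.10, the rejected test address 198.51.100.7 and the certificate DN are constructed placeholders, and the channel name is the one used in the quoted rule.

```mqsc
* Added example: constructed values, adjust to your environment.
* Keep channel authentication switched on for the queue manager.
ALTER QMGR CHLAUTH(ENABLED)

* 1. Rule from the quoted explanation: lift the default *MQADMIN block,
*    but only on the broker administration channel.
SET CHLAUTH('SYSTEM.BKR.CONFIG') TYPE(BLOCKUSER) +
    USERLIST('*NOACCESS')

* 2. Default-deny every source address on that channel.
SET CHLAUTH('SYSTEM.BKR.CONFIG') TYPE(ADDRESSMAP) +
    ADDRESS('*') USERSRC(NOACCESS) +
    DESCR('Deny all hosts unless a more specific rule matches')

* Use either rule 3a or rule 3b, not both.

* 3a. "At the very least": allow only the administrator's host
*     (192.0.2.10 is a placeholder address).
SET CHLAUTH('SYSTEM.BKR.CONFIG') TYPE(ADDRESSMAP) +
    ADDRESS('192.0.2.10') USERSRC(CHANNEL) +
    DESCR('Broker admin workstation')

* 3b. "Even better": allow only a client that presents a certificate with
*     this DN (placeholder). The channel itself must have SSLCIPH set and
*     SSLCAUTH(REQUIRED); plain connections then fall through to rule 2.
SET CHLAUTH('SYSTEM.BKR.CONFIG') TYPE(SSLPEERMAP) +
    SSLPEER('CN=broker-admin,O=Example') USERSRC(CHANNEL) +
    DESCR('Broker admin certificate')

* 4. Check the result: list the rules, then ask the queue manager which
*    rule an inbound connection would match at run time.
DISPLAY CHLAUTH('SYSTEM.BKR.CONFIG') ALL
DISPLAY CHLAUTH('SYSTEM.BKR.CONFIG') MATCH(RUNCHECK) +
    ADDRESS('192.0.2.10') CLNTUSER('mqbrkrs')
DISPLAY CHLAUTH('SYSTEM.BKR.CONFIG') MATCH(RUNCHECK) +
    ADDRESS('198.51.100.7') CLNTUSER('mqbrkrs')
```

With rule 3a in place, the first RUNCHECK should report the USERSRC(CHANNEL) record and the second the USERSRC(NOACCESS) record from rule 2.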
Deployment using CMP
import com.ibm.broker.config.proxy.*;

public class CMP_Deploy {

  public static void main(String[] args) {
    // Connection details: host, MQ listener port, queue manager name
    BrokerConnectionParameters bcp =
       new MQBrokerConnectionParameters("localhost", 1414, "RadQM");
    BrokerProxy b = null;
    try {
      b = BrokerProxy.getInstance(bcp);
      ExecutionGroupProxy eg = b.getExecutionGroupByName("default");
      // Incremental deploy of the BAR file, waiting up to 30 seconds for the result
      DeployResult dr = eg.deploy("F:\\Techie\\MyFirstApp.bar", true, 30000);
      System.out.println("Result = " + dr.getCompletionCode());
    } catch (Exception e) {
      e.printStackTrace();
    } finally {
      // Release the connection to the broker
      if (b != null) {
        b.disconnect();
      }
    }
  }
}
This program deploys MyFirstApp.bar to the EG “default” of the broker connected to the RadQM queue manager.
Having seen one administration task using CMP, we shall now look at a development task using CMP (now called the Message Broker API).
Even without the MB Toolkit, with just a JDE for developing code and a compatible JRE, we can run the code on any computer.
Now, let's create a simple message flow as below.
The Java code to develop this simple flow using the Message Broker API is:
import com.ibm.broker.config.appdev.FlowRendererMSGFLOW;
import com.ibm.broker.config.appdev.MessageFlow;
import com.ibm.broker.config.appdev.nodes.*;

public class CMPDev {
    public static void main(String[] args) {

        try {
            // In-memory message flow; the name becomes the .msgflow file name
            MessageFlow mf1 = new MessageFlow("CMPFirstDev.msgflow");

            // MQInput node reading from INPUTQ
            MQInputNode mqinNode = new MQInputNode();
            mqinNode.setNodeName("My Input Node");
            mqinNode.setQueueName("INPUTQ");
            mf1.addNode(mqinNode);

            // MQOutput node writing to OUTPUTQ
            MQOutputNode mqoutNode = new MQOutputNode();
            mqoutNode.setNodeName("My Output Node");
            mqoutNode.setQueueName("OUTPUTQ");
            mf1.addNode(mqoutNode);

            // Wire the input node's Out terminal to the output node's In terminal
            mf1.connect(mqinNode.OUTPUT_TERMINAL_OUT, mqoutNode.INPUT_TERMINAL_IN);

            // Write the flow as a .msgflow file into the target directory
            FlowRendererMSGFLOW.write(mf1, "F:\\Techie");
        } catch (Exception e) {
            // Add your own code here
            e.printStackTrace();
        }
    }

}
