Credentials Mapping for MOMs
If your site has installed and configured one or more MOMs, the credentials mapping that is set up for accessing information systems can also be used for accessing MOMs. However, the message and Web Event Service webjects that access the MOM do not use INSTANCE parameters. When the SERVICE parameter is supplied on a webject, its value is used as a key into the Auth-Map group. If you have configured a default MOM, then Info*Engine provides the following as substitute INSTANCE parameter values:
|
Pseudo INSTANCE
|
Description
|
|
com.infoengine.msg
|
Value for message webjects (type=MSG)
|
|
com.infoengine.wes
|
Value for Web Event Service webjects (type=WES)
|
|
com.infoengine.jms
|
Value for either message or Web Event Service webjects
|
By setting up three pseudo INSTANCE parameter values, Info*Engine allows your site the flexibility of setting up the following accesses to your MOM through credentials mapping:
• Use the com.infoengine.jms pseudo INSTANCE parameter value to set a username and password for general access to the MOM.
• Use the com.infoengine.msg and com.infoengine.wes pseudo INSTANCE parameter values to override the general access for specific access through either message or Web Event Service webjects.
As is also true with the adapter webjects, specifying DBUSER and PASSWD parameter values on message and Web Event Service webjects overrides any settings provided through credentials mapping or through property settings for default usernames and passwords.
If a username and password is not provided on a webject and one cannot be determined through the credentials mapping set up at your site or through default values that can be set in MSG and WES properties, then an anonymous connection is attempted.
The following example credentials mapping task expands on the previous mapping task to create a group that contains all valid username and INSTANCE name combinations, including one pseudo INSTANCE name for general MOM access. From this group, it selects only those elements that contain the authenticated username. These elements then make up the Auth-Map group.
<%@page language="java" session="false"%>
<%@taglib uri="http://www.ptc.com/infoengine/taglib/core" prefix="ie"%>
<!-- Create a group from specified parameters -->
<ie:webject name="Create-Group" type="GRP">
<ie:param name="GROUP_OUT" data="AuthGroup"/>
<ie:param name="CLASS" data="AuthorizationRecord"/>
<ie:param name="DELIMITER" data=":"/>
<ie:param name="ELEMENT" data="USERNAME=abc:INSTANCE=com.myHost.jdbcScott:
DBUSER=scott:PASSWD=tiger"/>
<ie:param name="ELEMENT" data="USERNAME=abc:INSTANCE=com.myHost.jdbcAdapter:
DBUSER=abc:PASSWD=abc123"/>
<ie:param name="ELEMENT" data="USERNAME=xyz:INSTANCE=com.myHost.myGateway:
DBUSER=xyz:PASSWD=xyz123"/>
<ie:param name="ELEMENT" data="USERNAME=test:INSTANCE=com.myHost.myGateway:
DBUSER=mno:PASSWD=mno123"/>
<ie:param name="ELEMENT" data="USERNAME=abc:INSTANCE=com.infoengine.jms:
DBUSER=mom1:PASSWD=gen456"/>
<ie:/webject>
<!-- Select subset for actual Auth-Map group based on authenticated user -->
<ie:webject name="Subset-Group" type="GRP">
<ie:param name="GROUP_IN" data="AuthGroup"/>
<ie:param name="FILTER" data="USERNAME='$(SERVER[]AUTH-USER[0])'"/>
<ie:param name="CASE_IGNORE" data="TRUE"/>
<ie:param name="GROUP_OUT" data="Auth-Map"/>
<ie:/webject>
If this task runs when the authenticated user is “abc,” then the resulting elements in the Auth-Map group would be:
|
USERNAME
|
INSTANCE
|
DBUSER
|
PASSWD
|
|
abc
|
com.myHost.jdbcScott
|
scott
|
tiger
|
|
abc
|
com.myHost.jdbcAdapter
|
abc
|
abc123
|
|
abc
|
com.infoengine.jms
|
mom1
|
gen456
|
Then, user “abc” has the username “mom1” and password “gen456” to gain access to the MOM whenever the user tries executing a message or Web Event Service webject.