Running IBM MQ Container Image with Custom Configuration and Creating JMS JNDI Bindings
Recently I need to test some J2EE integration work on IBM MQ. Since it is for testing purposes I run it as a container instead of the full-blown VM.
Preparing a custom QMSC file
Other than the default MQ settings, I need to use my custom queue definition and security controls. In the MQ container, this is achieved by defining a custom MQSC file and put it into the specific /etc/mqm directory.
Create the following file 80-my-test.mqsc
define listener(LISTENER) trptype(tcp) control(qmgr) port(1414) replace
start listener(LISTENER)define authinfo(my.authinfo) authtype(idpwos) chckclnt(reqdadm) chcklocl(optional) adoptctx(yes) replace
alter qmgr connauth(my.authinfo)
refresh security(*) type(connauth)def chl(SYSTEM.ADMIN.SVRCONN) chltype(SVRCONN) replaceset chlauth('*') type(addressmap) address('*') usersrc(noaccess) descr('back-stop rule - blocks everyone') action(replace)set chlauth(SYSTEM.ADMIN.SVRCONN) type(blockuser) userlist('nobody') descr('block access for admin channel') action(replace)set chlauth(SYSTEM.ADMIN.SVRCONN) type(usermap) clntuser('admin') usersrc(channel) descr('allows admin user to connect via admin channel') action(replace)set chlauth(SYSTEM.ADMIN.SVRCONN) type(usermap) clntuser('admin') usersrc(map) mcauser(1001) descr('allow admin as 1001') action(replace)set authrec objtype(qmgr) principal('admin') authadd(all)
set authrec profile(*) objtype(queue) principal('admin') authadd(all)define qlocal('testq1') replace
define qlocal('testq2') replace
define qlocal('testq3') replace
define qlocal('testq4') replace
define qlocal('testq5') replace
Define a listener on port 1414.
Define a authinfo named as my.authinfo and let the queue manager use it.
Create/re-create a channel with the default system channel name, SYSTEM.ADMIN.SVRCONN
Once the channel is defined, we set the access permission step by step. First, block all access from any IP address. Then we block the access for the channel of SYSTEM.ADMIN.SVRCONN. Lastly, we enable the user “admin” to access this channel.
