WebSphere Message Broker, Version 8.0.0.7 Operating Systems: AIX, HP-Itanium, Linux, Solaris, Windows, z/OS

See information about the latest product version

Securing a JDBC type 4 connection

Set up security for the JDBC connection if required by the database provider.

Some databases require all access to be associated with a known user ID; for others this association is optional. For example, DB2® requires a data source login name and password on all connections. If the database requires secure access to be defined, or if you choose to implement security in an optional situation, complete the task described here.
  1. Identify the user ID that you want to associate with the JDBC connection, or create a user ID with a password, following the appropriate instructions for your operating system and database.
  2. Run the mqsisetdbparms command to associate the user ID and password with the security identity that is associated with the database that you will access using the JDBCProvider configurable service.

    The following values and order of preference are used by the broker for the JDBC connection:

    1. First, on all platforms: The user ID and password that you have set for the specific database, by using the mqsisetdbparms and specifying the database in the -n parameter.
    2. Second, on all platforms: The user ID and password that you have set for all other databases, by using the mqsisetdbparms and specifying jdbc:JDBC in the -n parameter.
    3. Third, the values are platform-specific:
      1. Windows platformOn Windows: The broker service ID and password that you specified on the mqsicreatebroker command.
      2. Linux platformUNIX platformOn Linux and UNIX: The user ID mqsiUser and password ******** (these values are fixed).
      3. z/OS platformOn z/OS®: The user ID "" and password "".
    Use the following command format:
    mqsisetdbparms broker_name -n security_identity -u userID -p password
    For example, if you want user ID myuserid with a password of secretpw to access a database on broker BROKER1, run the following command:
    mqsisetdbparms BROKER1 -n jdbc::mySecurityIdentity -u myuserid -p secretpw

    In the example, the mySecurityIdentity is prefixed with jdbc:: to indicate the type of the connection for which the user ID and password are defined.

    If you want to use the same user ID and password for more than one database, you can specify a resource name of jdbc::JDBC on this command, as shown in the following example:

    mqsisetdbparms BROKER1 -n jdbc::JDBC -u defaultuid -p defaultpw
  3. Update the corresponding securityIdentity property for the JDBCProvider configurable service to associate the connection with the security identity that you have defined. Use the following command format:
    mqsichangeproperties broker_name -c JDBCProviders -o service_name -n securityIdentity -v security_identity
    For example, if you are using the supplied JDBCProvider definition for Oracle:
    mqsichangeproperties BROKER1 -c JDBCProviders -o Oracle -n securityIdentity -v mySecurityIdentity
    You can use the same user ID and password definition for more than one JDBCProvider service if appropriate; specify the same security identity that you specified on the mqsisetdbparms command as the value for the securityIdentity property in each JDBCProvider service definition that uses the same access security. If you are using a default user ID and password that you have defined by specifying a ResourceName of jdbc::JDBC on the mqsisetdbparms command, do not change this property; retain the default value default_User@default_Server to cause the broker to use the default values that you have set. If you want to check what user ID you set, or test that the password for a specific user ID is what you expect, you can use the mqsireportdbparms command.
Notices | Trademarks | Downloads | Library | Support | Feedback

Copyright IBM Corporation 1999, 2016Copyright IBM Corporation 1999, 2016.

        
        Last updated:
        
        Last updated: 2016-05-23 14:47:08


Task topicTask topic | Version 8.0.0.7 | ah61320_