joan

Reputation: 25

How to pass user defined username from IBM Websphere Application server to AS400 MQ server for authentication?

I am having an issue with connecting to an AS400 MQ Local Queue; it's rejecting with code JMSWMQ2013.

My appserver has a username as [email protected] but in AS400 I am not able to give the specified username in MQ Object Authority.

Is there any way to connect to the queue defined on the AS400 machine from the WebSphere app server on a Windows machine?

Below is the error I am facing while connecting:

FFDC Exception:com.ibm.msg.client.jms.DetailedJMSSecurityException SourceId:com.ibm.ejs.jms.JMSManagedQueueConnection.createConnection ProbeId:116 Reporter:com.ibm.ejs.jms.JMSManagedQueueConnection@db6f33e4
com.ibm.msg.client.jms.DetailedJMSSecurityException: JMSWMQ2013: The security authentication was not valid that was supplied for QueueManager 'TESTQMGR' with connection mode 'Client' and host name 'AS400T(1416)'.
Please check if the supplied username and password are correct on the QueueManager to which you are connecting.

Root cause:  

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2035' ('MQRC_NOT_AUTHORIZED').
    at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:204)

Upvotes: 1

Views: 3780

Answers (3)

mrsrinivas

Reputation: 35404

Yes, the username and password can be passed with setStringProperty on MQQueueConnectionFactory:

  MQQueueConnectionFactory mqConFactory = new MQQueueConnectionFactory();
  mqConFactory.setStringProperty(WMQConstants.USERID, "username");
  mqConFactory.setStringProperty(WMQConstants.PASSWORD, "password");

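  // other configs
  mqConFactory.setHostName("MQ_HOST");
  mqConFactory.setChannel("MQ_CHANNEL"); // communications link
  mqConFactory.setPort(1414); // setPort takes an int; 1414 is a placeholder listener port
  mqConFactory.setQueueManager("MQ_MANAGER"); // service provider
  // client mode over TCP/IP; same value as the deprecated JMSC.MQJMS_TP_CLIENT_MQ_TCPIP
  mqConFactory.setTransportType(WMQConstants.WMQ_CM_CLIENT);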

Needed imports:

  import com.ibm.mq.jms.MQQueueConnectionFactory;
  import com.ibm.msg.client.wmq.WMQConstants;

Dependency jars:

  compile('com.ibm.mq:com.ibm.mq.allclient:9.0.5.0')

Part of the code was taken from this page

Upvotes: 1

Morag Hughson

Reputation: 7515

You indicate in a later comment that you are using MQ V7.0 on AS/400.

Your question details that you have a user ID [email protected] which will not be recognised by the AS/400 O/S.

Therefore you are looking for a way to assign a user ID for the connection which you are making from the App Server on Windows so that it can run using a recognised user ID on the AS/400 queue manager.

Since you are pre-V7.1, you cannot use CHLAUTH rules, so your choices are

  • Write a security exit to do it (or buy/download one)
  • Give this connection its own channel and set the MCAUSER on the SVRCONN to something that is known and recognised by the AS/400 O/S. In this case, please also make sure you have some form of authentication, e.g. SSL/TLS so that no-one else can use this channel.

Upvotes: 3
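The second option in the answer above, sketched as MQSC. This is an added example, not part of the original answer: the channel name `WAS.APP1.SVRCONN`, the user profile `WASAPP`, the SSLPEER value and the chosen CipherSpec are all assumptions to be replaced with your own values.

```mqsc
* Added example. WAS.APP1.SVRCONN, WASAPP and the SSLPEER value are
* hypothetical names; TESTQMGR is the queue manager from the question.
* WASAPP must be an existing user profile on the AS/400 that holds the
* MQ object authorities the application needs.

* Weak setting: MCAUSER on its own.
* Every connection on this channel runs as WASAPP, and nothing checks
* who the client is, so the channel name is the only "credential".
DEFINE CHANNEL('WAS.APP1.SVRCONN') CHLTYPE(SVRCONN) TRPTYPE(TCP) +
       MCAUSER('WASAPP') +
       DESCR('Dedicated channel for the WebSphere application')

* Corrected setting: the same channel, but it only starts for a TLS
* client that presents a certificate matching SSLPEER.
* SSLCIPH   - CipherSpec; assumed here, choose one that both the V7.0
*             queue manager and the application server support.
* SSLCAUTH  - REQUIRED means the client must send a certificate.
* SSLPEER   - the distinguished name the client certificate must match.
ALTER CHANNEL('WAS.APP1.SVRCONN') CHLTYPE(SVRCONN) +
      MCAUSER('WASAPP') +
      SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA) +
      SSLCAUTH(REQUIRED) +
      SSLPEER('CN=was-app1,O=Example')

* Confirm what is actually in effect on the channel.
DISPLAY CHANNEL('WAS.APP1.SVRCONN') MCAUSER SSLCIPH SSLCAUTH SSLPEER
```

The WebSphere connection factory then has to point at this channel and use the matching SSL cipher suite; the user ID the application server sends no longer matters, because MCAUSER replaces it.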

Gas

Reputation: 18020

Maybe you need to define a separate J2C authentication alias and map it to the connection factory. What does it mean that "My appserver has a username as [email protected]"?

Check this page, "2035 MQRC_NOT_AUTHORIZED Connecting to WebSphere MQ", for more details:

The two most likely reasons why the connection is refused by MQ are as follows:

1. The user identifier passed across the client connection from the application 
   server to MQ is not known on the server where the MQ queue manager is running,
   is not authorised to connect to MQ, or is longer than 12 characters and has
   been truncated.
   For queue managers running on Windows, the following error might be seen in 
   the MQ error logs for this scenario:
   AMQ8075: Authorization failed because the SID for entity 'wasuser' 
   cannot be obtained.
   For UNIX no entry in the MQ error logs would be seen by default.
   See technote MQS_REPORT_NOAUTH environment variable can be used 
   to better diagnose return code 2035 for details of enabling error log 
   entries on all platforms.
2. The user identifier passed across the client connection from the 
   application server to MQ is a member of the 'mqm' group on the server 
   hosting the MQ queue manager, and a Channel Authentication Record (CHLAUTH) 
   exists that blocks administrative access to the queue manager. 
   WebSphere MQ configures a CHLAUTH record by default in WebSphere MQ 
   Version 7.1 and later that blocks all MQ admins from connecting 
   as a client to the queue manager.
   The following error in the MQ error logs would be seen for 
   this scenario: AMQ9777: Channel was blocked

Upvotes: 3
