Reputation: 21
MQ 7.5 authorization exception
I am getting the following exception when I am trying to connect to MQ 7.5 from Java.
Please check if the supplied username and password are correct on the QueueManager to which you are connecting.
at com.ibm.msg.client.wmq.common.internal.Reason.reasonToException(Reason.java:521)
at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:221)
at com.ibm.msg.client.wmq.internal.WMQConnection.(WMQConnection.java:425)
at com.ibm.msg.client.wmq.factories.WMQConnectionFactory.createV7ProviderConnection(WMQConnectionFactory.java:6902)
at com.ibm.msg.client.wmq.factories.WMQConnectionFactory.createProviderConnection(WMQConnectionFactory.java:6277)
at com.ibm.msg.client.jms.admin.JmsConnectionFactoryImpl.createConnection(JmsConnectionFactoryImpl.java:285)
at com.ibm.mq.jms.MQConnectionFactory.createCommonConnection(MQConnectionFactory.java:6233)
at com.ibm.mq.jms.MQConnectionFactory.createConnection(MQConnectionFactory.java:6262)
.
.
Caused by: com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2035' ('MQRC_NOT_AUTHORIZED').
at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:209)
... 9 more
I found this solution:
http://www-01.ibm.com/support/docview.wss?uid=swg21577137
but altering authorization of queue manager via rumqsc by:
ALTER QMGR CHLAUTH(DISABLED)
does not work. I am still getting the exception even after restarting the queue manager and the listener as well.
Any help would be much appreciated.
Upvotes: 0
Views: 373
Answers (2)
Reputation: 7506
So you are having a security issue and your first thought is to turn off security!!!!!!! OMG.
First off, turn security back on:
ALTER QMGR CHLAUTH(ENABLED)
If you are using 'mqm' or a blank UserID - bad, very bad idea!!
Next, have your application connect to the queue manager with a UserID and Password known to the operating system where the queue manager is running.
Then, add the CHLAUTH rule to allow your UserID to connect (via runmqsc):
SET CHLAUTH('ABC.SVRCONN') TYPE(USERMAP) CLNTUSER('stepasite') MCAUSER('stepasite')
Finally, use setmqaut to apply the appropriate permission for the UserID but do it for the group rather than by UserID. Issue the MQSC command 'refresh security', so that the queue manager will pick up the changes. i.e.
setmqaut -m {QM_NAME} -t qmgr -g {GROUP} +connect +inq +dsp
setmqaut -m {QM_NAME} -n MY.Q.** -t queue -g {GROUP} +put +get +inq +dsp
- The 1st setmqaut command allows your group to connect to the queue manager.
- The 2nd setmqaut command allows your group to get/put messages to all queues that begin with 'MY.Q.' (and yes, use 2 asterisks in the setmqaut command)
Setting MQ permissions is really easy if you take the time to read the MQ documentation. Here is setmqaut description in the MQ Knowledge Center.
Upvotes: 0
Reputation: 2636
You could use the MQS_REPORT_NOAUTH or MQSAUTHERRORS setting to get more info about the authority failure and what access is failing.
Upvotes: 0
Related Questions
- How do you assert that a certain exception is thrown in JUnit tests?
- Why do I get MQJE001: Completion Code '2', Reason '2035' after upgrading from java client 6.0.2.2 to 9.3.1.0?
- JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2035' ('MQRC_NOT_AUTHORIZED')
- DetailedJMSSecurityException while trying to access queue in IBM MQ
- WMQ JNDI look up with authentication
- WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2063' ('MQRC_SECURITY_ERROR')
- WebSphere MQ error MQRC_NOT_AUTHORIZED 2035 even with CHLAUTH(DISABLED)
- JMS can not connect to websphere mq
- SpringJMS 3.0.4 not connecting MQ 7.5 Connection using UserName