Reputation: 1161
Send to MQ from java always uses default installed mqm userid for IBM MQ version 6.0
Our code runs in weblogic and we MQ 6.0. No matter if I use the default createQueueConnection() or createQueueConnection("myuserid","mypassword") it always seems to use userid mqm. See code below.
When I connect from version 6.0 to an older mq installion 5 it seems to throw the following error javax.jms.JMSSecurityException: MQJMS2013: invalid security authentication supplied for MQQueueManager using the default createQueueConnection() unless I send a blank userid/password as in createQueueConnection("","")
How can I get myuserid to be send instead ?
Hashtable properties = new Hashtable(2);
properties.put(Context.PROVIDER_URL,context);
properties.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.fscontext.RefFSContextFactory");
InitialContext ctx = new InitialContext(properties);
QueueConnectionFactory qcf = (QueueConnectionFactory) ctx.lookup("QCF");
QueueConnection qc = qcf.createQueueConnection();
javax.jms.Queue q = (javax.jms.Queue) ctx.lookup("MYQUEUE");
QueueSession qs = qc.createQueueSession(false, Session.AUTO_ACKNOWLEDGE);
TextMessage tm = qs.createTextMessage();
tm.setText(outString);
QueueSender sender = qs.createSender(q);
sender.send(tm);
sender.close();
qs.close();
qc.close();
Upvotes: 4
Views: 4480
Answers (1)
Reputation: 31832
If you are setting the ID in the createQueueConnection, rest assured, it is being presented to the queue manager. The problem you are seeing is that the SVRCONN channel definition on the QMgr has the value MCAUSER('mqm') hard coded. This overrides any value presented by the client app.
A couple of things to note here.
- Although you can send the ID and password, WMQ accepts these at face value. The fields exist to make the credentials available for a channel exit that can validate them. Without such an exit the channel just runs as whatever ID the app claims to be and the password is ignored.
- For the reason stated above, I always tell people not to trust the credentials presented unless they have such an exit. The administrator must code the appropriate value into the MCAUSER.
- The administrative ID ('mqm' on UNIX flavors) is NOT the appropriate value. It confers administrative authority to anyone connecting on that channel.
For a LOT more on this topic and pointers to the WMQ security presentation and WMQ Security Lab guide from IMPACT, please see this SO question.
Upvotes: 3
Related Questions
- Strange problem with authentication on IBMMQ, it takes the running user ID
- How to set message Id for IBM MQ using java program
- how to find MCA User id for IBM websphere MQ 7
- MQ WebSphere MessageID Woes
- C# IBM MQ client sending my own messageId
- JMSWMQ2013 : Weblogic is not sending userid and password specified in Foreign Connection Factory to IBM MQ
- Override the userid send by Websphere MQ Client in C# Windows application
- WebSphere MQ C API Sending client ID with a client connection
- Default value of user id in MQ message header
- WebSphere Application Server 7.0 ignoring Windows userId when connecting to MQ