CODEWITHSUNDEEP
javaauthenticationjmsibm-mq
PdM
PdM

Reputation: 74

Accessing IBM MQ 8 using JMS with user but without password

I try to connect to a new MQ setup using IBM JMS example code for testing:

https://developer.ibm.com/messaging/learn-mq/mq-tutorials/develop-mq-jms/

private static final String HOST = "MYIP"; // Host name or IP address
private static final int PORT = MYPORT; // Listener port for your queue manager
private static final String CHANNEL = "MY.APP.SVRCONN"; // Channel name
private static final String QMGR = "MYQMGR"; // Queue manager name
private static final String APP_USER = "MYUSER"; // User name that application uses to connect to MQ
private static final String APP_PASSWORD = ""; // Password that the application uses to connect to MQ
private static final String QUEUE_NAME = "MYQUEUE"; // Queue that the application uses to put and get messages to an

and

// Set the properties
cf.setStringProperty(WMQConstants.WMQ_HOST_NAME, HOST);
cf.setIntProperty(WMQConstants.WMQ_PORT, PORT);
cf.setStringProperty(WMQConstants.WMQ_CHANNEL, CHANNEL);
cf.setIntProperty(WMQConstants.WMQ_CONNECTION_MODE, WMQConstants.WMQ_CM_CLIENT);
cf.setStringProperty(WMQConstants.WMQ_QUEUE_MANAGER, QMGR);
cf.setStringProperty(WMQConstants.WMQ_APPLICATIONNAME, "JmsPutGet (JMS)");
cf.setBooleanProperty(WMQConstants.USER_AUTHENTICATION_MQCSP, true);
cf.setStringProperty(WMQConstants.USERID, APP_USER);
cf.setStringProperty(WMQConstants.PASSWORD, APP_PASSWORD);

Assume all parameters provided and used are correct (HOST, PORT, CHANNEL, QMGR, QUEUE_NAME), since I can connect to the manager and see the queue with a read-only user using MQ Explorer and I get Errors when modifying the parameters, that there is no such QMGR running, just to make sure the problem is related to USERID and PASSWORD. My example works great with another queue, where I have to use UserID + password authentication.

Now the Setup-team provided me a technical user userid, but no password, since this is not needed.

Exception in thread "main" com.ibm.msg.client.jms.DetailedJMSSecurityRuntimeException: JMSWMQ2013: The security authentication was not valid that was supplied for QueueManager 'MYQUEUEMANAGER' with connection mode 'Client' and host name 'MYIP(MYPORT)'.
Please check if the supplied username and password are correct on the QueueManager to which you are connecting.
        at com.ibm.msg.client.jms.DetailedJMSSecurityException.getUnchecked(DetailedJMSSecurityException.java:270)
        at com.ibm.msg.client.jms.internal.JmsErrorUtils.convertJMSException(JmsErrorUtils.java:173)
        at com.ibm.msg.client.jms.admin.JmsConnectionFactoryImpl.createContext(JmsConnectionFactoryImpl.java:478)
        at com.ibm.mq.samples.jms.JmsTestClient.main(JmsTestClient.java:78)
Caused by: com.ibm.mq.MQException: JMSCMQ0001: IBM MQ call failed with compcode '2' ('MQCC_FAILED') reason '2035' ('MQRC_NOT_AUTHORIZED').

Can somebody please direct me to the correct configuration or which parameter to set to connect with a passwordless user via JMS?

update#1: I tried to set password empty or do not to set string property WMQConstants.PASSWORD of cause.

Upvotes: 2

Views: 5203

Answers (2)

Rob Parker
Rob Parker

Reputation: 774

In your code you have set the property WMQConstants.USER_AUTHENTICATION_MQCSP to true. This tells your Java client that you want to use the Connection Authentication feature which was added in v8 to provide a userid and password for authentication.

If you want to use the old mechanism to only provide a user id then you need to set this to false. For example:

cf.setBooleanProperty(WMQConstants.USER_AUTHENTICATION_MQCSP, false);

This is refered to as Compatability Mode and is applicable to Java applications trying to connect to IBM MQ (e.g. MQ Explorer)

Reference: https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_8.0.0/com.ibm.mq.sec.doc/q118680_.htm

Upvotes: 3

PdM
PdM

Reputation: 74

For passwordless authentication (userid only), use:

cf.setBooleanProperty(WMQConstants.USER_AUTHENTICATION_MQCSP, false);

Unfortunately there existed a misconfiguration introduced by our MQ team and I never tried this option again. IBM docs are a bit tight-lipped. https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_8.0.0/com.ibm.mq.javadoc.doc/WMQJMSClasses/com/ibm/msg/client/jms/JmsConstants.html#USER_AUTHENTICATION_MQCSP

Upvotes: 2

Related Questions