Java Clients and Security Hole???
JasonE
Posted: Mon May 17, 2004 7:31 am

Grand Master

Joined: 03 Nov 2003
Posts: 1220
Location: Hursley

Quote:
---If java is *NOT* making calls to MQ api then what's the purpose of the jar files

JAR files are Java archives containing the compiled Java code (just like a .DLL or .so contains compiled C code). These are not prototypes. They are real, functional code.

As per the operating system loading the shared libraries (.so / .dll) to execute a program, under Java the JVM loads the Java byte codes from JAR files and executes the program.

i.e. the JAR files are required, the shared libraries are not.

Since a pure Java program never leaves the JVM, you cannot make operating system calls and remain pure java.
jefflowrey
Posted: Mon May 17, 2004 7:42 am

Grand Poobah

Joined: 16 Oct 2002
Posts: 19981

Right.

What I meant is that the Java client does not call the C MQ API to do its work.
_________________
I am *not* the model of the modern major general.
mqonnet
Posted: Mon May 17, 2004 7:47 am

Grand Master

Joined: 18 Feb 2002
Posts: 1114
Location: Boston, Ma, Usa.

I think I would say, I am still hesitant but am OK to close this thread, since it looks like we are diverting too much from MQ and Security to the details of Java. :)

Thanks Jason, Jeff & everyone for their insights though.

shogan2003, I would think you must have gotten a great deal out of this. And I am sorry that your question was lost in the exchanges that we guys were having.

I would say you should go with what Peter suggested in the other thread of using group/userids within the svrconn channel and NOT leave it blank. Also, a security exit would be the other alternative, though. :)

Cheers
Kumar
_________________
IBM Certified WebSphere MQ V5.3 Developer
IBM Certified WebSphere MQ V5.3 Solution Designer
IBM Certified WebSphere MQ V5.3 System Administrator
techno
Posted: Mon Aug 09, 2004 10:41 am

Chevalier

Joined: 22 Jan 2003
Posts: 429

I have just tried putting something in the mcauser attribute of the svr channel. The Java client application failed with 2035!!!

Using WebSphere MQ 5.3; the qmgr is on HP-UX and the Java client is on Win2k.
Michael Dag
Posted: Mon Aug 09, 2004 10:51 am

Jedi Knight

Joined: 13 Jun 2002
Posts: 2607
Location: The Netherlands (Amsterdam)

techno wrote:
I have just tried putting something in the mcauser attribute of the svr channel. The Java client application failed with 2035!!!

so.... should it?
_________________
Michael
fjb_saper
Posted: Mon Aug 09, 2004 3:10 pm

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY

Guys, can you help me out a little here:
What permissions would you give to the mcauser on the Java svrconn channel?
I've run into an old implementation:
MQ Series 5.00 on AIX 4.2, and the channel had an mcauser that had no logon on the box.
I could not connect with my Java client (WMQ 5.3) in client mode even though I was providing a userid in the mqm group.
I had to clear the mcauser to be able to connect.
Even after that I could not see some messages in a queue.

Thanks for your help.
techno
Posted: Mon Aug 09, 2004 3:11 pm

Chevalier

Joined: 22 Jan 2003
Posts: 429

The above messages are saying that the Java client can connect to the qmgr surpassing the security. It doesn't seem so. I am getting 2035!!

Or am I doing or understanding something wrong?

Also, what is clientid in MQQueueConnectionFactory? (It has both set and get.) How is it different from MQEnvironment's userid?

How do I set the userid in JMS? If it is not possible, how do I set an alternate userid?

Thanks
fjb_saper
Posted: Mon Aug 09, 2004 3:16 pm

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY

In JMS the userid is set at connection time:
qcf.createConnection(userid, pwd)

Enjoy
techno
Posted: Mon Aug 09, 2004 3:40 pm

Chevalier

Joined: 22 Jan 2003
Posts: 429

I am still getting 2035. I am sorry, what is the password here?
oz1ccg
Posted: Tue Aug 10, 2004 1:23 am

Yatiri

Joined: 10 Feb 2002
Posts: 628
Location: Denmark

Take a look in the log, see which userid got knocked down, and walk on from that point. Don't just shoot in any direction and try guessing.

Have a chat with your security person for the box to get some help.

Have you specified MCAUSER/Put authority?

To log the connection properties on the attempt you could use a security exit like BlockIP2 to help you. You can find it here:
http://www.mrmq.dk/BlockIP.htm

Just my $0.02
_________________
Regards, Jørgen
Home of BlockIP2, the last free MQ Security exit ver. 3.00
Cert. on WMQ, WBIMB, SWIFT.
fjb_saper
Posted: Tue Aug 10, 2004 8:20 am

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY

Techno, use the OS password of the userid.
I assumed that the userid you are passing has authority.
However, if you are not running an mcauser and are not passing a userid,
then the connection runs under the authority of the channel (mqm...)

Enjoy
Michael Dag
Posted: Tue Aug 10, 2004 8:40 am

Jedi Knight

Joined: 13 Jun 2002
Posts: 2607
Location: The Netherlands (Amsterdam)

fjb_saper wrote:
However if you are not running an mcauser and are not passing a userid
then the connection runs under the authority of the channel(mqm...)

Being a nitpick: it's the authority of the user that started the listener that is used; often that simply is mqm.

@Techno
Please post your channel definitions! I.e. what is in your mcauser.
If mcauser is blank then it should work, period.
If mcauser is 'something', check the authority of 'something' using dspmqaut or amqoamd -m QMgrname -s | grep 'something's groupid.

Without this info we can keep guessing, but your problem will only be solved by luck...
_________________
Michael
techno
Posted: Tue Aug 10, 2004 9:38 am

Chevalier

Joined: 22 Jan 2003
Posts: 429

Here are the details:

CHANNEL(CLIQMGR) CHLTYPE(SVRCONN)
TRPTYPE(TCP) DESCR( )
SCYEXIT( ) MAXMSGL(4194304)
SCYDATA( ) HBINT(300)
SSLCIPH( ) SSLCAUTH(OPTIONAL)
KAINT(AUTO) MCAUSER(dev)
ALTDATE(2004-08-09) ALTTIME(13.17.09)
SSLPEER()
SENDEXIT( )
RCVEXIT( )
SENDDATA( )
RCVDATA( )

$ dspmqaut -m QMGR -t qmgr -g dev
Entity dev has the following authorizations for object QMGR:
inq
set
connect
altusr
dlt
chg
dsp
setid
setall

------------------------------------------------------------------------

If I put the userid and password of mqm (or any other user), that would be a big problem. First of all, you are disclosing the password to the client (where the code is deployed). Also, there may be a change in the password in the future.


Thanks.
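
Added example (not part of the thread, and not IBM's or any poster's code): a small Python audit of DISPLAY CHANNEL output that flags the two SVRCONN configurations discussed above, a blank MCAUSER with no security exit (the client then runs with the authority of the user that started the listener) and an MCAUSER set to an administrative id. The sample text is constructed in the style of the definition posted above; APP.OPEN, APP.ADMIN and TO.REMOTE are made-up channel names, and the admin_ids list is an assumption.

```python
import re

# Constructed sample in the style of the DISPLAY CHANNEL output posted above.
# CLIQMGR mirrors the thread; the other three channels are made up.
SAMPLE = """\
CHANNEL(CLIQMGR) CHLTYPE(SVRCONN)
TRPTYPE(TCP) DESCR( )
SCYEXIT( ) MAXMSGL(4194304)
KAINT(AUTO) MCAUSER(dev)
CHANNEL(APP.OPEN) CHLTYPE(SVRCONN)
SCYEXIT( ) MCAUSER( )
CHANNEL(APP.ADMIN) CHLTYPE(SVRCONN)
SCYEXIT( ) MCAUSER(mqm)
CHANNEL(TO.REMOTE) CHLTYPE(SDR)
MCAUSER( )
"""

# One ATTR(value) token; a blank value is printed as "( )".
ATTR = re.compile(r"([A-Z]+)\(([^)]*)\)")

def parse_channels(text):
    """Return one dict per channel; a new record starts at each CHANNEL(...)."""
    channels = []
    for name, value in ATTR.findall(text):
        if name == "CHANNEL":
            channels.append({})
        if channels:
            channels[-1][name] = value.strip()
    return channels

def audit_svrconn(channels, admin_ids=("mqm",)):
    """Flag SVRCONN channels whose identity is unrestricted (admin_ids is assumed)."""
    findings = []
    for ch in channels:
        if ch.get("CHLTYPE") != "SVRCONN":
            continue
        mcauser = ch.get("MCAUSER", "")
        if not mcauser and not ch.get("SCYEXIT", ""):
            # Nothing on the channel overrides or checks the client identity.
            findings.append((ch["CHANNEL"], "BLANK_MCAUSER_NO_EXIT"))
        elif mcauser.lower() in admin_ids:
            # Every client on this channel acts as an administrative user.
            findings.append((ch["CHANNEL"], "ADMIN_MCAUSER"))
    return findings

if __name__ == "__main__":
    for channel, finding in audit_svrconn(parse_channels(SAMPLE)):
        print(f"{channel}: {finding}")
```

A channel such as CLIQMGR with MCAUSER(dev) passes this check; whether dev holds the right object authorities is a separate question answered by dspmqaut.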
mqonnet
Posted: Tue Aug 10, 2004 10:13 am

Grand Master

Joined: 18 Feb 2002
Posts: 1114
Location: Boston, Ma, Usa.

You are only giving privileges for connection to the queue manager. And since you never mentioned on what MQ API call you are getting a 2035, it gets difficult to imagine your circumstance.

But since you posted dspmqaut for the qmgr and seem to still have 2035 issues, it makes me believe that you are getting 2035s on the MQOPEN call. If that is so, you also have to assign authorities for this group/user (dev) on a queue/object basis.

Cheers
Kumar
_________________
IBM Certified WebSphere MQ V5.3 Developer
IBM Certified WebSphere MQ V5.3 Solution Designer
IBM Certified WebSphere MQ V5.3 System Administrator
techno
Posted: Tue Aug 10, 2004 10:42 am

Chevalier

Joined: 22 Jan 2003
Posts: 429

Sorry, I am getting the error while opening the connection to qmgr.