| Author |
Message
|
| mqwanted |
 Posted: Mon Oct 19, 2009 2:24 pm Post subject: MQ upgrade from v 5.3 to 6 causing MQJMS2013 |
 |
|
Newbie
Joined: 19 Oct 2009
Posts: 6
|
Hi,
We upgraded our MQ JMS client version with Weblogic as appserver from 5.3 to 6.
With v6:
javax.jms.JMSSecurityException: MQJMS2013: invalid security authentication supplied for MQQueueManager
at com.ibm.mq.jms.MQConnection.createQM(MQConnection.java:2446)
at com.ibm.mq.jms.MQConnection.createQMNonXA(MQConnection.java:1850)
at com.ibm.mq.jms.MQQueueConnection.<init>(MQQueueConnection.java:161)
at com.ibm.mq.jms.MQQueueConnectionFactory.createQueueConnection(MQQueueConnectionFactory.java:202)
On testing with client we figured v6 has bug in considering no password. With local client we were able to fix this issue by using createQueueConnection(String user, String pwd) constructor with empty string.
is there a patch for this issue or workaround to set user/pwd as empty through JMS? |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Mon Oct 19, 2009 9:51 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
As you have found this function call behaves a little differently in V6. Deal with it! I believe the interpretation is a little bit more strict than it used to be in V5.3... working as designed? 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| mqwanted |
| Posted: Tue Oct 20, 2009 6:53 am Post subject: |
|
|
Newbie
Joined: 19 Oct 2009
Posts: 6
|
The problem is in how to make this work with weblogic container. If it is a thin MQ client, I could just change the constructor  |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Wed Oct 21, 2009 1:40 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| mqwanted wrote: |
| The problem is in how to make this work with weblogic container. If it is a thin MQ client, I could just change the constructor |
Have you assigned a JAAS alias to the container for authentication to MQ?
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| mqwanted |
| Posted: Wed Oct 21, 2009 6:51 am Post subject: |
|
|
Newbie
Joined: 19 Oct 2009
Posts: 6
|
We specified only the default mdb settings and since it does not require password no security settings are configured.
We added the empty username/password property in ejb-jar.xml assuming that empty string will be used in place of the empty username/password property.... it did not work |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Wed Oct 21, 2009 10:53 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| mqwanted wrote: |
We specified only the default mdb settings and since it does not require password no security settings are configured.
We added the empty username/password property in ejb-jar.xml assuming that empty string will be used in place of the empty username/password property.... it did not work |
Typically you define the CF to the app server. In the CF definition you specify the JAAS alias used for container authentication.
When you define the JAAS alias you specify a username and a password.
As of V6 the password is not used so any String should do.
There used to be a restriction when running in binding mode that you could only use the user of the process running the app server...
Have fun
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| mqjeff |
| Posted: Wed Oct 21, 2009 12:44 pm Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
You haven't said if the qm is local to the weblogic server or if you are making a client connection.
If you're making a client connection, set an MCAUSER on the SVRCONN.
If it's local, then setmqaut for the weblogic service user (the id that is running the weblogic processes). |
|
| Back to top |
|
|
|
|
