ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » General IBM MQ Support » Username specified in a server.xml is ignored (tomcat)

Post new topic  Reply to topic
 Username specified in a server.xml is ignored (tomcat) « View previous topic :: View next topic » 
Author Message
fksouls
PostPosted: Tue Sep 28, 2021 5:57 am    Post subject: Username specified in a server.xml is ignored (tomcat) Reply with quote

Newbie

Joined: 28 Sep 2021
Posts: 4

Hi,
first of all, I'm not sure if it's a tomcat, an application or an ibmmq issue, so sorry if I posted in the wrong place.

I have deployed mq container based on ibmcom/mq:9.1.4.0-r1 image.
Also, I have an application deployed as a tomcat-based docker container.

I specified connection factories and queues in a server.xml file:

Code:
 <Resource name="jms/MyRequestConnFactory"
              auth="Container"
              type="com.ibm.mq.jms.MQQueueConnectionFactory"
              factory="com.ibm.mq.jms.MQQueueConnectionFactoryFactory"
              username="testuser"
              password="cfpass"
              HOST="mq"
              PORT="1418"
              CHAN="MYCHANNEL"
              TRAN="1"
              QMGR="MYQMGR" />

    <Resource name="jms/MyResponseConnFactory"
              auth="Container"
              type="com.ibm.mq.jms.MQQueueConnectionFactory"
              factory="com.ibm.mq.jms.MQQueueConnectionFactoryFactory"
              username="testuser"
              password="cfpass"
              HOST="mq"
              PORT="1418"
              CHAN="MYCHANNEL"
              TRAN="1"
              QMGR="MYQMGR" />

    <Resource name="jms/MyRequestQueue"
              auth="Container"
              type="com.ibm.mq.jms.MQQueue"
              factory="com.ibm.mq.jms.MQQueueFactory"
              QU="A_TO_B_QUEUE" />

    <Resource name="jms/MyResponseQueue"
              auth="Container"
              type="com.ibm.mq.jms.MQQueue"
              factory="com.ibm.mq.jms.MQQueueFactory"
              QU="B_TO_A_QUEUE" />


The problem is that tomcat is trying to connect to queue manager with a current user of a docker container (which is "tomcat"), not the user specified in a server.xml file (which is "testuser").
I have another app deployed as a wildfly-based docker container, and there is no such issue with it. It's using the exact username I specified in standalone.xml file.
If I set CHCKCLNT to NONE my app can successfully connect, but I wish to have authentication enabled.

I get the following "docker logs" output for mq container
Quote:
2021-09-28T13:35:26.006Z AMQ5540E: Application 'catalina.startup.Bootstrap' did not supply a user ID and password
2021-09-28T13:35:36.008Z AMQ9557E: Queue Manager User ID initialization failed for 'tomcat'.

As you can see it says "initialization failed for 'tomcat'", though the specified user is "testuser".

My mq Dockerfile:
Code:

FROM ibmcom/mq:9.1.4.0-r1
USER root
ENV LICENSE=accept
ENV MQ_QMGR_NAME=MYQMGR
ENV MQ_APP_PASSWORD=cfpass
RUN useradd testuser -G mqclient && \
    echo testuser:cfpass | chpasswd
USER mqm
COPY 20-config.mqsc /etc/mqm/


My 20-config.mqsc (without defining of queues and topics):

Code:

DEFINE CHANNEL(MYCHANNEL) +
CHLTYPE(SVRCONN) +
TRPTYPE(TCP);

DEFINE LISTENER(Listener) +
TRPTYPE(TCP) +
PORT(1418) +
CONTROL(QMGR);

ALTER QMGR CONNAUTH(USE.PW)
DEFINE AUTHINFO(USE.PW) +
AUTHTYPE(IDPWOS) +
ADOPTCTX(YES) +
FAILDLAY(10) +
CHCKLOCL(OPTIONAL) +
CHCKCLNT(REQUIRED);

REFRESH SECURITY TYPE(CONNAUTH);

SET AUTHREC PROFILE(*) +
  group('mqclient') +
  OBJTYPE(QUEUE) +
  AUTHADD(ALL);

SET CHLAUTH('MYCHANNEL') +
  TYPE(USERMAP) CLNTUSER('tomcat') +
  USERSRC(CHANNEL) +
  ACTION(REPLACE);

SET CHLAUTH('MYCHANNEL') +
  TYPE(USERMAP) CLNTUSER('testuser') +
  USERSRC(CHANNEL) +
  ACTION(REPLACE);

START LISTENER(Listener);
START CHANNEL(MYCHANNEL);



App code:

Code:

    @Bean(name = "senderConnectionFactory")
    public ConnectionFactory senderConnectionFactory() {
       
        String jndiFactoryName = StringUtils.trim(env.getProperty("jms.sender.jndiFactoryName"));
       
       Context initContext;
      try {
         initContext = new InitialContext();
         logger.info("Using JNDI senderFactory: {} ", jndiFactoryName);
          return (ConnectionFactory) initContext.lookup(jndiFactoryName);
      } catch (Exception e) {
         logger.warn("Cannot lookup {} from JNDI, using env.properties: {}", jndiFactoryName, e.toString());
      }

       String providerForSending = env.getProperty("jms.broker");
          
           // Based on the value of this property we load the correct implementation for QueueConnectionFactory
        if ("ibmmq".equals(providerForSending)) {
            MQConnectionFactory connectionFactory = new MQConnectionFactory();
       try {
                connectionFactory.setHostName(env.getProperty("jms.ibmmq.outgoing.hostName"));
                connectionFactory.setPort(new Integer(env.getProperty("jms.ibmmq.outgoing.port")));
                connectionFactory.setQueueManager(env.getProperty("jms.ibmmq.outgoing.qmName"));
                connectionFactory.setChannel(env.getProperty("jms.ibmmq.outgoing.channel"));
                connectionFactory.setTransportType(JMSC.MQJMS_TP_CLIENT_MQ_TCPIP);
                connectionFactory.setStringProperty(WMQConstants.USERID,env.getProperty("jms.ibmmq.outgoing.user"));
                connectionFactory.setStringProperty(WMQConstants.PASSWORD,env.getProperty("jms.ibmmq.outgoing.password"));
            } catch(JMSException jmse){
                // Best to do here is to throw the exception so that spring realizes that it is impossible to connect and manages the situation (very likely not starting the application)
                throw new RuntimeException("Problems creating the queue connection factory to connect to IBM MQ: "+jmse.getMessage());
            }
            return connectionFactory;
        } else {
            // default behavior
            ActiveMQConnectionFactory connectionFactory = new ActiveMQConnectionFactory();
            connectionFactory.setBrokerURL(env.getProperty("jms.activemq.broker.outgoing.url"));
            return connectionFactory;
      
      }
    }

    @Bean("jmsTemplateForSender")
    public JmsTemplate jmsTemplateForSender() {
       
       ConnectionFactory connFactory = senderConnectionFactory();
       String jndiQueueName = StringUtils.trim(env.getProperty("jms.sender.jndiQueueName"));
       try {
          JmsTemplate template = new JmsTemplate();
           template.setConnectionFactory(connFactory);
            Context initContext = new InitialContext();
            template.setDefaultDestination((Destination) initContext.lookup(jndiQueueName));
            logger.info("Using JNDI senderQueue: {} ", jndiQueueName);
         return template;   
       }catch(Exception ex) {
          logger.warn("Cannot lookup {} from JNDI queue, using env.properties: {}", jndiQueueName, ex.toString());         
       }
       
        JmsTemplate jmsTemplate = new JmsTemplate();
        jmsTemplate.setConnectionFactory(connFactory);
        jmsTemplate.setDefaultDestinationName(env.getProperty("jms.queue.outgoing"));
        return jmsTemplate;
    }
Back to top
View user's profile Send private message
hughson
PostPosted: Tue Sep 28, 2021 5:21 pm    Post subject: Reply with quote

Padawan

Joined: 09 May 2013
Posts: 1949
Location: Bay of Plenty, New Zealand

Where are you setting the environment variable jms.ibmmq.outgoing.user or jms.ibmmq.outgoing.password? I don't see them mentioned when you describe your config.

Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software
Back to top
View user's profile Send private message Visit poster's website
fksouls
PostPosted: Tue Sep 28, 2021 11:49 pm    Post subject: Reply with quote

Newbie

Joined: 28 Sep 2021
Posts: 4

I have app.properties file that I put in lib/app_name/ folder.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » General IBM MQ Support » Username specified in a server.xml is ignored (tomcat)
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.