| Author |
Message
|
| mqmike |
 Posted: Thu Jan 18, 2007 9:23 am Post subject: MQJMS2013 |
 |
|
Acolyte
Joined: 09 Jul 2004
Posts: 63
|
Hi
I've looked through the (many) posts on this error already on this forum but need to get this resolved as soon as possible and am not sure that I have exhausted all options.
Basically we have a JMS application running under WAS and binding locally to a QM (version 6.02). The application runs under a 'was' account and this is part of the mqm group. I have done a 'refresh security' but we still get the MQJMS2013 error.
I can only think that
public QueueConnection createQueueConnection(java.lang.String userName, java.lang.String password)
is being called with some bogus id as a parameter that MQ doesn't know about.
Any other thoughts?
Also a series of dspmqaut commands show 'was' to have all the required security credentials. Although when I run amqoamd for the QM, it only shows mqm's credentials. Not sure if this is normal or not.
Thanks in advance. |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Thu Jan 18, 2007 3:58 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
First of all forget all about any JMS errors. They are essentially non informative and mostly serve as a container for the provider specific error: the linked error. This one has the reason code that you need to diagnose the problem.
As for authentication through WAS, it is done in the management console. You set up the authentication in JAAS and pass it as container authentication / bean authentication...
If you are using a "bindings" connection the only user allowed to be passed is the one running the was process. Any other user will give you a permission error.
If you are using a "client" connection the user must authenticate on the box the qmgr lives on, and have the necessary permissions to do it's job. Remember that JMS requires inq + get to be able to receive messages.
Enjoy 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| mqmike |
| Posted: Fri Jan 19, 2007 12:29 am Post subject: |
|
|
Acolyte
Joined: 09 Jul 2004
Posts: 63
|
Thanks very much for the reply.
We are using bindings and I'm told that the java process runs under the 'was' id. Given that this is part of mqm and that I've refreshed security, I'd expect everything to be ok.
I'll continue to investigate |
|
| Back to top |
|
|
| Vitor |
| Posted: Fri Jan 19, 2007 12:40 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
As a moderate to last resort, you can switch on security events to track down exactly what user id's failing.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| mqmike |
| Posted: Fri Jan 19, 2007 1:12 am Post subject: |
|
|
Acolyte
Joined: 09 Jul 2004
Posts: 63
|
| Nice tip thanks - which event queue do these appear on? |
|
| Back to top |
|
|
| Vitor |
| Posted: Fri Jan 19, 2007 1:27 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| mqmike wrote: |
| Nice tip thanks - which event queue do these appear on? |
SYSTEM.ADMIN.QMGR.EVENT - you'll find details in the "Monitoring MQ" manual (or online equivalent).
Remember to switch them back off when investigation is complete! 
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| JYama |
| Posted: Thu Sep 13, 2007 6:19 pm Post subject: |
|
|
Master
Joined: 27 Mar 2002
Posts: 281
|
| Vitor wrote: |
| As a moderate to last resort, you can switch on security events to track down exactly what user id's failing. |
Just a quck confirmation, is 'security events' equal to 'SSLEV'?
Does it work with non-SSL environment? |
|
| Back to top |
|
|
| Vitor |
| Posted: Thu Sep 13, 2007 11:52 pm Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| JYama wrote: |
| Vitor wrote: |
| As a moderate to last resort, you can switch on security events to track down exactly what user id's failing. |
Just a quck confirmation, is 'security events' equal to 'SSLEV'?
Does it work with non-SSL environment? |
SSLEV deals with SSL events. In the context of this post I was refering to AUTHOREV, which throws events against the OAM (i.e. non-SSL). AFAIK you'd need to enable SSLEV to get SSL events out.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
|
|
