| Author |
Message
|
| ryanb123 |
 Posted: Thu Sep 28, 2006 8:35 pm Post subject: Setting User and Password for a Queue Connection Factory |
 |
|
Newbie
Joined: 27 Sep 2006
Posts: 7
|
hello...
how do i set a user name and password on a QCF? is it done during QCF creation in JMSAdmin?
InitCtx> Define QCF(testQCF) ???
thanks! |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Fri Sep 29, 2006 2:02 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
Don't have the manuals at hand. I believe you can define a default user in JMSAdmin on the QCF. However this is usually done at runtime when defining the Context. See as well JNDI setup in WAS with JAAS aliasing.
Sometimes it is done on invoking the Connection:
qcf.createConnection(user, passwd).
Enjoy 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| RogerLacroix |
| Posted: Sat Sep 30, 2006 9:50 am Post subject: |
|
|
Jedi Knight
Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada
|
| fjb_saper wrote: |
| qcf.createConnection(user, passwd) |
The UserId must be known to the server where the queue manager is running. The password is ignored / not used by MQ.
If you are not worried about security (or SOX) then you can simply do the following and exploit big security hole (although, you may be fired):
| Code: |
| qcf.createConnection() |
Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter |
|
| Back to top |
|
|
| jmac |
| Posted: Fri Jan 23, 2009 4:31 pm Post subject: |
|
|
Jedi Knight
Joined: 27 Jun 2001
Posts: 3081
Location: EmeriCon, LLC
|
This is an old post, but after a search this seems a good fit to my problem.
| Code: |
InitialContextctx = new InitialContext();
ConnectionFactory cf = (ConnectionFactory)ctx.lookup(AUDITMQ_CONNECTIONFACTORY_JNDI_NAME);
Connection connection = cf.createConnection("MUSR_MQADMIN",BOGUSPW");
connection.start();
Session session = connection.createSession(true,
Session.AUTO_ACKNOWLEDGE);
Queue auditQueue = (Queue)ctx.lookup( AUDITMQ_QUEUE_JNDI_NAME );
MessageProducer producer = session.createProducer(auditQueue);
Message msg = session.createTextMessage("Blah Blah Blah");
msg.setStringProperty("JMSXUserID", "MUSR_MQADMIN");
producer.send(msg);
producer.close();
session.close();
connection.close();
|
Perhaps I am misunderstanding what Roger is saying, and someone can straighten me out. If I were using the MQ api, I could set the Identity context, and I know this would work as I have done this many times in the past. In this case I want to put to MQ using JMS, and I have a requirement that the userID that shows in the MQMD is MUSR_MQADMIN. This user was created for me automatically when MQ was installed. My reading of this post, says that I should be able to have this user defined in WPS and the password will be ignored (which in my case it has to be, since this is not the actual password of MUSR_MQADMIN).
_________________
John McDonald
RETIRED |
|
| Back to top |
|
|
| RogerLacroix |
| Posted: Fri Jan 23, 2009 8:07 pm Post subject: |
|
|
Jedi Knight
Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada
|
Hi,
| Quote: |
| cf.createConnection("MUSR_MQADMIN",BOGUSPW"); |
Bad, very bad idea to have an application use the MQ Admin UserID. Basically, you / your manager / your company is saying I do not want MQ security and please expose my data to the world.  
Please rethink this approach.
Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter |
|
| Back to top |
|
|
| jmac |
| Posted: Sat Jan 24, 2009 6:49 am Post subject: |
|
|
Jedi Knight
Joined: 27 Jun 2001
Posts: 3081
Location: EmeriCon, LLC
|
Forget about whether or not it is a bad approach, the question is do I understand what you are proposing. I.E. should this work? My interpretation of the previous posts was that the password did not matter, since it was not used by MQ, yet when I run I get javax.jms.JMSSecurityException: MQJMS2013: invalid security authentication supplied for MQQueueManager which leads me to believe that the password is used. The bottom line is I need to set the identity context and have yet to find a way to set the user as I could using the MQ API. Any help is appreciated.
_________________
John McDonald
RETIRED |
|
| Back to top |
|
|
| mqjeff |
| Posted: Sat Jan 24, 2009 10:22 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
JMS is much more limited than the MQ API. There are certain things that are simply impossible - like setting the output MessageID.
Other things are somewhat possible, but only if you use JMS Provider specific properties.
I think you're on the right track with JMSXUserIdentifier. But you need to use some other mechanism to authenticate the connection - like if if it's a client connection, you can set MCAUSER on the svrconn. Or set the JAAS information on the QCF in the JNDI.
It's also possible that Roger is being confused by which password is ignored. He might be reacting thinking that the Password on the Channel information is ignored, which is true. But there's been a lot of work done in the JMS interface in v6 and v7 to allow for the createConnection password to actually be validated in the first place - because it does allow for JMS activity to occur under something other than the server instance owner id (wasadmin). |
|
| Back to top |
|
|
| jmac |
| Posted: Sat Jan 24, 2009 10:50 am Post subject: |
|
|
Jedi Knight
Joined: 27 Jun 2001
Posts: 3081
Location: EmeriCon, LLC
|
Jeff:
Sad but true... If I simply connect using cf.createConnection(), the user shown in the header is still MUSR_MQADMIN.
I will look in to your other suggestions. Thanks
_________________
John McDonald
RETIRED |
|
| Back to top |
|
|
| mqjeff |
| Posted: Sat Jan 24, 2009 11:00 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
Now I'm confused.
I thought you *wanted* the UserID in the header to be MUSR_MQADMIN?
The user set on the UserID is set from the QCF or etc. only if you don't set JMSXUserId - which you are... |
|
| Back to top |
|
|
| jmac |
| Posted: Sat Jan 24, 2009 11:39 am Post subject: |
|
|
Jedi Knight
Joined: 27 Jun 2001
Posts: 3081
Location: EmeriCon, LLC
|
Sorry ... You are correct... should have had more coffee before I posted 
I DO want it to be MUSR_MQADMIN, the value being put there currently is MY userid. It appears to me that the setting of the JMXSUserId is ignored when I send the message.
In my code I am displaying the value of the JMXSUserID property, and after my set (prior to the send) it is indeed MUSR_MQADMIN, however, after the send when I display the value it contains my user id, and the header has my userID, which leads me to believe that either the setting will not be honored, OR I need to do some other configuration step which I have left out.
Again, sorry for the misleading post... Thanks for your help
_________________
John McDonald
RETIRED |
|
| Back to top |
|
|
|
|
