| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| mqipt setup |
« View previous topic :: View next topic » |
| Author |
Message
|
| manojsu |
 Posted: Sun Jul 03, 2011 4:13 am Post subject: mqipt setup |
 |
|
Centurion
Joined: 19 Jul 2006
Posts: 147
Location: Bangalore
|
Hi Guys,
I am trying to setup MQIPT to listen to Secure Client and Server, but when i am trying to put a message after the setup, comes with a reason code 2540.
To check if my initial SSL setup works fine with out MQIPT, i tried to connect directly and it works fine, so i assume i am missing something in the MQIPT or the java security manager setting.
in the MQIPT i have enabled the java security manager to true, and SSL Proxy to true as well.
I have modified the java policy file to have the correct IP Address.
Any ideas as to where i am may be wrong.
entry in the log file -
Sun Jul 03 13:12:50 BST 2011 conn accept from(port) ipt(port) OK 1416-1
Sun Jul 03 13:12:50 BST 2011 conn conn 0.0.0.0(2) dest(port) OK 1416-1
Sun Jul 03 13:12:50 BST 2011 conn close from(2043) ipt(port) TERM 1416-1 MQCPI130 Connection to
caller closed due to connection failure to destination
Sun Jul 03 13:12:50 BST 2011 conn close 0.0.0.0(2) dest(port) TERM 1416-1 access denied (java.net
.SocketPermission dest:port connect,resolve)
have set the trace file to high and entry below.
12:12:50.410 14 1416-1s -------{ ConnectionLogger.logConnection()
12:12:50.410 14 1416-1s conn conn 0.0.0.0(2) dest(port) OK 1416-1
12:12:50.436 14 1416-1s --------{ ConnectionLogger.moveFilesIfNecessary()
12:12:50.436 14 1416-1s --------} ConnectionLogger.moveFilesIfNecessary() rc=0
12:12:50.437 14 1416-1s -------} ConnectionLogger.logConnection() rc=0
12:12:50.437 14 1416-1s ------} ConnectionLogger.logConnection() rc=0
12:12:50.437 14 1416-1s -----} ConnectionDetails.logDetailsToResponder() rc=0
12:12:50.437 14 1416-1s ----} Responder.makeConnection() rc=60005
12:12:50.437 14 1416-1s ---} ServerConnectionThread.makeConnection() rc=60005
12:12:50.437 14 1416-1s IPTException: closeId=ERROR, closeMsg=access denied (java.net.SocketPermission dest:12512 connect,resolve), rc=6
0005
12:12:50.437 14 1416-1s access denied (java.net.SocketPermission dest:port connect,resolve)
12:12:50.437 14 1416-1s java.security.AccessControlContext.checkPermission(AccessControlContext.java:342)
12:12:50.437 14 1416-1s java.security.AccessController.checkPermission(AccessController.java:553)
12:12:50.437 14 1416-1s java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
Please advise. |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Sun Jul 03, 2011 5:24 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
The error is clear and you need to add it to your mqipt.policy file and grant permission:
| Quote: |
Sun Jul 03 13:12:50 BST 2011 conn close 0.0.0.0(2) dest(port) TERM 1416-1 access denied (java.net
.SocketPermission dest:port connect,resolve) |
Have fun 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| manojsu |
| Posted: Mon Jul 04, 2011 5:11 am Post subject: |
|
|
Centurion
Joined: 19 Jul 2006
Posts: 147
Location: Bangalore
|
Hi saper,
in the mqipt.policy file, if i add * as a wild card, it works perfectly, but when i add a client IP Address get a socket exception.
Also get the following error in the mqipt.log file.
Mon Jul 04 11:23:35 BST 2011 conn accept source(2619) mqipt(1416) OK 1416-0
Mon Jul 04 11:23:35 BST 2011 conn conn 0.0.0.0(1) dest(12512) OK 1416-0
Mon Jul 04 11:23:35 BST 2011 conn close source(2619) mqipt(1416) TERM 1416-0 MQCPI130 Connection to caller closed due to connection failure to destination
Mon Jul 04 11:23:35 BST 2011 conn close 0.0.0.0(1) dest(12512) TERM 1416-0 access denied (java.net.SocketPermission dest:12512 connect,resolve)
but when a wild card * is added into the policy file, it works fine.
Mon Jul 04 11:07:04 BST 2011 conn accept source(2540) mqipt(1416) OK 1416-1
Mon Jul 04 11:07:04 BST 2011 conn conn mqipt(2) dest(12512) OK 1416-1
Mon Jul 04 11:07:07 BST 2011 conn close source(2540) mqipt(1416) OK 1416-1
Mon Jul 04 11:07:07 BST 2011 conn close mqipt(2) dest(12512) ERROR 1416-1
Since the mqipt server is in the DMZ, not sure if there is any specific routing has to be added.
Regards |
|
| Back to top |
|
|
| manojsu |
| Posted: Mon Jul 04, 2011 7:01 am Post subject: |
|
|
Centurion
Joined: 19 Jul 2006
Posts: 147
Location: Bangalore
|
Hi,
Manage to resolve it, by putting the destination IP Address as well.
Thanks for your help.
Regards
Manoj |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Mon Jul 04, 2011 8:58 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
So for everybody's edification you did following
Added the java.net.SocketPermission for the specific IP:port with permissions connect, resolve to the mqipt.policy file.
Have fun
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| manojsu |
| Posted: Mon Jul 04, 2011 12:33 pm Post subject: |
|
|
Centurion
Joined: 19 Jul 2006
Posts: 147
Location: Bangalore
|
| yes, added the destination IP Address and port number with connect, accept and resolve. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
