| Author |
Message
|
| delfon |
 Posted: Mon May 21, 2012 6:37 am Post subject: Error 2035 when using Java |
 |
|
Newbie
Joined: 21 May 2012
Posts: 4
|
Hello all,
I am trying to set up MQ Server on RHEL 5 so that Queue Manager will be available for Java over TCP channel. I have MQS version 7.1.0-0.
I followed the tutorial, however, I keep getting error 2035 - MQRC_NOT_AUTHORIZED |
|
| Back to top |
|
 |
| delfon |
| Posted: Mon May 21, 2012 6:38 am Post subject: Error 2035 when using Java |
|
|
Newbie
Joined: 21 May 2012
Posts: 4
|
Executed commands:
To set up and start Queue Manager:
crtmqm -q QM_TEST
strmqm
To set up local queue and channel, start listener
runmqsc
define qlocal(Q1)
define channel(CHANNEL1) chltype(svrconn) trptype(tcp) mcauser(' ')
start listener(system.default.listener.tcp)
end
Sending and receiving messages localy using amqsput & amqsget works.
Then I set up Java env on user mqm.
Test connection from Java:
$ java -Djava.library.path=/opt/mqm/java/lib MQIVP
Websphere MQ for Java Installation Verification Program
5724-B4 (C) Copyright IBM Corp. 2002. All Rights Reserved.
===========================================================
Please enter the IP address of the MQ server :localhost
Please enter the port to connect to : (1414)
Please enter the server connection channel name :CHANNEL1
Please enter the queue manager name :QM_TEST
MQJE001: Completion Code '2', Reason '2035'.
Failure: Attempt to connect to queue manager failed.
Reason: MQ Reason code 2,035
Action: Consult Websphere MQ Application Programming Reference for explanation.
I don't understand why I got this error. MCAUSER is set to ' ' so there should not be any authorization required.
I have also tried to authorize user mqm, but I got code 2035 as well.
setmqaut -m QM_TEST -t qmgr -p mqm +connect +inq +dsp
Any help would be much appreciated.
Thank you. |
|
| Back to top |
|
|
| Vitor |
| Posted: Mon May 21, 2012 6:53 am Post subject: Re: Error 2035 when using Java |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| delfon wrote: |
| I don't understand why I got this error. MCAUSER is set to ' ' so there should not be any authorization required. |
I don't understand why you think that. Using a MCAUser of ' ' doesn't mean "turn off authorization". You need to supply valid credentials (possibly by setting MCAUser to a value).
It's also a very bad idea to use mqm as the authorized user for an application. It means that anyone using that application's id has total administrative access to the queue manager.
| delfon wrote: |
I have also tried to authorize user mqm, but I got code 2035 as well.
setmqaut -m QM_TEST -t qmgr -p mqm +connect +inq +dsp |
You really didn't read the Security manual did you? The mqm user is the admin user; it always has full authority against the queue manager so using setmqaut to change it's authority will fail.
| delfon wrote: |
| Any help would be much appreciated. |
Have another read of the Security & Client documentation.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Mon May 21, 2012 6:39 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
7.1 changed things around channel security so read up  
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| delfon |
| Posted: Mon May 21, 2012 11:35 pm Post subject: |
|
|
Newbie
Joined: 21 May 2012
Posts: 4
|
| thank you for heads up! My problem is now resolved. |
|
| Back to top |
|
|
| exerk |
| Posted: Tue May 22, 2012 12:11 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| delfon wrote: |
| thank you for heads up! My problem is now resolved. |
By turning off Channel Authentication by any chance?
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| delfon |
| Posted: Tue May 22, 2012 3:13 am Post subject: |
|
|
Newbie
Joined: 21 May 2012
Posts: 4
|
Yes, this is also an option, but not in a secure way.
You can do it in runmqsc by command ALTER QMGR CHLAUTH(DISABLED)
I managed to get an access to channel using setmqaut for non-administrative user. |
|
| Back to top |
|
|
| exerk |
| Posted: Tue May 22, 2012 3:20 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| delfon wrote: |
| I managed to get an access to channel using setmqaut for non-administrative user. |
Good to see it done properly...and then you set the appropriate channel auth to further lock it down? 
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
|
|
