peterw686 |
Posted: Wed Jan 21, 2004 8:46 am Post subject: JMS USERID |
|
|
Acolyte
Joined: 26 Sep 2002 Posts: 73
|
Hi,
We have a cluster which has three Queue Managers joined in. One of them is another company's, and they have a userid provided as "MQXXX".
The scenario is that we will put messages to their queue via the cluster. Their queue manager QM3 has a cluster queue Q3 which is shared in the cluster and does not exist on our side.
So, I wrote a program to send messages to Q3 using JMS.
The code I am using is :
Code: |
qcon = qconFactory.createQueueConnection("MQXXX", null); |
However, I believe because our queue manager has not set up this user, it gives me "security authorization error".
In this case, do I have to set up a user "MQXXX" on our side, or is there a way to work around it?
Any questions, suggestions or comments are appreciated. |
|
Michael Dag |
Posted: Wed Jan 21, 2004 11:57 am Post subject: |
|
|
 Jedi Knight
Joined: 13 Jun 2002 Posts: 2607 Location: The Netherlands (Amsterdam)
|
try authorising your userid with setid or altuser.
if you want all messages to arrive on MQ3 with MQXXX and the cluster is secure enough, you could set the incoming userid on the cluster receiver channel.
Michael |
|
peterw686 |
Posted: Wed Jan 21, 2004 12:18 pm Post subject: |
|
|
Acolyte
Joined: 26 Sep 2002 Posts: 73
|
I am a newbie to MQ.
Could you tell me how to authorise the userid with setid or altuser?
Thanks. |
|
Michael Dag |
Posted: Wed Jan 21, 2004 12:22 pm Post subject: |
|
|
 Jedi Knight
Joined: 13 Jun 2002 Posts: 2607 Location: The Netherlands (Amsterdam)
|
Lookup the setmqaut command in either the System Administration Guide PDF or use the search in the Information Center facility on Windows.
Michael |
|
peterw686 |
Posted: Wed Jan 21, 2004 12:30 pm Post subject: |
|
|
Acolyte
Joined: 26 Sep 2002 Posts: 73
|
I tried this command like
setmqaut -m MY_QMGR_NAME -t qmgr -p MQXXX +all
it gave error:
AMQ7026: A principal or group name was invalid.
Is this command wrong, or do I have to create such a unix user? |
|
Michael Dag |
Posted: Wed Jan 21, 2004 12:44 pm Post subject: |
|
|
 Jedi Knight
Joined: 13 Jun 2002 Posts: 2607 Location: The Netherlands (Amsterdam)
|
Give your own user the +all authority, do refresh security and then you can 'pretend' to be MQXXX in the MQMD, so when the message arrives on QM3 it looks like it came from MQXXX.
Michael |
|
peterw686 |
Posted: Wed Jan 21, 2004 12:48 pm Post subject: |
|
|
Acolyte
Joined: 26 Sep 2002 Posts: 73
|
Hi Michael,
Really, thanks for your post.
I still don't understand. I am the user mqm of the mqm group, so I guess I already have all authority.
How to do refresh security?
Peter |
|
Michael Dag |
Posted: Wed Jan 21, 2004 2:13 pm Post subject: |
|
|
 Jedi Knight
Joined: 13 Jun 2002 Posts: 2607 Location: The Netherlands (Amsterdam)
|
well if you are mqm you need not refresh security...
mqm = Lord of the Queues One id to rule them all ...
I did some digging and found
JMSXUserID maps to UserIdentifier set by Send Method
I can't try myself as I never really mastered JMS...
Michael
Do post your results when you succeed! |
|
jefflowrey |
Posted: Wed Jan 21, 2004 2:33 pm Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002 Posts: 19981
|
peterw686 wrote: |
How to do refresh security? |
echo "refresh security"|runmqsc
_________________
I am *not* the model of the modern major general. |
|
mqonnet |
Posted: Wed Jan 21, 2004 2:38 pm Post subject: |
|
|
 Grand Master
Joined: 18 Feb 2002 Posts: 1114 Location: Boston, Ma, Usa.
|
Ok, clarify a few things.
1) What do you mean the other company gave you a userid to use. Where to use, when to use??? Did they set specific authorizations on this particular cluster queue so that it could be accessed by only userid MQXXX.
2) Where is your program failing. What MQ api call. I wouldn't expect any of your MQ api calls to fail though, if I understand your scenario right.
3) You don't need any setmqauts/refresh security on your qm, unless your local qm is the destination qm. Security comes into picture only for the remote queue manager where you have to have a principal defined with the same name as the logon id on the local system.
System A(userid FRED) ---- puts to remote queue on System A destined for local queue X on system B---- On System B, you must define userid FRED, if you have set restrictions on queue X access limiting to user FRED.
In this scenario you DO NOT need to change/set any authorizations on System A. Which is what your situation looks like.
4) Where do you get this "security authorization error".
5) Are you connecting to your local queue manager and opening the clustered queue at the other company?
Cheers
Kumar |
|
Michael Dag |
Posted: Wed Jan 21, 2004 4:08 pm Post subject: |
|
|
 Jedi Knight
Joined: 13 Jun 2002 Posts: 2607 Location: The Netherlands (Amsterdam)
|
MichaelDag wrote: |
I did some digging and found
JMSXUserID maps to UserIdentifier set by Send Method
|
Sorry for putting you on the wrong track here. I just found out I was supposed to read this as "set by Send Method" and not "can be set in Send Method"...
Michael |
|
peterw686 |
Posted: Thu Jan 22, 2004 8:00 am Post subject: |
|
|
Acolyte
Joined: 26 Sep 2002 Posts: 73
|
Thanks Michael and Kumar,
Let me try to clarify the scenario.
On our Solaris boxes, we have two QMs, QM1 and QM2, joined to the cluster C1.
On the other company's side (MVS), they have one QM, QM3, joined to the cluster C1.
On each of QM1 and QM2, we have defined a cluster queue Q1 for receiving messages from QM3.
QM3 has a cluster queue Q3 for receiving request messages from our company.
Because we are using JMS to send messages, we look up our QM1 connection factory object and put Q3 as the destination. In that case, because QM1 has no such local queue, it should forward to QM3.
The UserID they provided to us, "MQXXX", is the USERID in the MQMD message descriptor.
On QM1 and QM2, we use the user "mqm". I don't know what user they are on.
The code for sending the message is shown below:
Code: |
QueueConnectionFactory qconFactory = (QueueConnectionFactory) JNDIObjectLocator.getInstance()
        .getObjectFromThirdpartyContext(factoryName);
// get connection
String userID = MQPropertyConfigurator.getUserID(destination);
// here if we want to send to QM3, we put userID as "MQXXX"
if (userID != null && userID.trim().length() > 0) {
    qcon = qconFactory.createQueueConnection(userID, null);
} else {
    qcon = qconFactory.createQueueConnection();
}
// XXXXXXXXXXXXXXX This is the place that throws the error if we use MQXXX
// if we set userID to null, it gave
// MQJE001: Completion Code 2, Reason 2085 error
// get session
qsession = qcon.createQueueSession(false, Session.AUTO_ACKNOWLEDGE);
// get the Queue from URI
String queueURIName = MQPropertyConfigurator.getQueueURI(destination, true);
logger.debug("Sending message to the Queue :" + queueURIName);
Queue queue = qsession.createQueue(queueURIName);
// get the QueueSender
qsender = qsession.createSender(queue);
logger.debug("Got the QueueSender");
// create TextMessage
msg = qsession.createTextMessage();
// start connection
qcon.start();
|
I checked with another developer on their side; they haven't got any data via the network. Also, the queue cluster looks fine, we can see their qm in clusqmgr(*).
Thanks in advance.
Peter |
|
bower5932 |
Posted: Thu Jan 22, 2004 8:04 am Post subject: |
|
|
 Jedi Knight
Joined: 27 Aug 2001 Posts: 3023 Location: Dallas, TX, USA
|
I haven't been following this thread, but if the 2085 in the previous post is what you are getting, then this is an unknown object. I would guess that you don't have the underlying MQ queue name correct on your destination. I'd also double-check that you don't have your local qmgr specified on your Q definition. This will cause the system to look for the queue on the local qmgr. |
|
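Added example, not part of any post in this thread: the two failures reported above (the "security authorization error" and reason 2085) call for different fixes, so it helps to pull the MQ reason code out of the JMSException chain before changing any authorities. The class name MqReasonTriage and the sample exception are constructed for illustration; 2035 is MQRC_NOT_AUTHORIZED and 2085 is MQRC_UNKNOWN_OBJECT_NAME.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.jms.JMSException;

public final class MqReasonTriage {            // hypothetical helper name
    // Matches "Completion Code 2, Reason 2085"; newer clients quote the numbers.
    private static final Pattern MQJE001 =
        Pattern.compile("Completion Code '?(\\d+)'?, Reason '?(\\d+)'?");

    /** Walks the exception chain and returns the MQ reason code, or -1 if none. */
    static int reasonCode(Throwable t) {
        for (int depth = 0; t != null && depth < 10; depth++) {
            String text = t.getMessage();
            Matcher m = (text == null) ? null : MQJE001.matcher(text);
            if (m != null && m.find()) {
                return Integer.parseInt(m.group(2));
            }
            // JMS 1.x carries the provider error as the linked exception.
            Throwable next = null;
            if (t instanceof JMSException) {
                next = ((JMSException) t).getLinkedException();
            }
            t = (next != null) ? next : t.getCause();
        }
        return -1;
    }

    /** Says what kind of problem the reason code points to. */
    static String triage(int reason) {
        switch (reason) {
            case 2035: // MQRC_NOT_AUTHORIZED
                return "authorization: the identity used for the failing call lacks "
                     + "authority; grant only what that call needs";
            case 2085: // MQRC_UNKNOWN_OBJECT_NAME
                return "naming: check the MQ queue name behind the destination and "
                     + "whether a queue manager name is set on it";
            default:
                return "unclassified reason " + reason;
        }
    }

    public static void main(String[] args) {
        // Constructed sample: a JMSException wrapping the MQJE001 text from the thread.
        JMSException e = new JMSException("send failed (constructed sample)");
        e.setLinkedException(new Exception("MQJE001: Completion Code 2, Reason 2085"));
        System.out.println(triage(reasonCode(e)));
    }
}
```

A 2085 is a name-resolution problem, so widening authority with setmqaut +all does not address it.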
peterw686 |
Posted: Thu Jan 22, 2004 8:12 am Post subject: |
|
|
Acolyte
Joined: 26 Sep 2002 Posts: 73
|
Hi Michael,
I use
Code: |
msg.setStringProperty("JMSXUserID", "MQXXX"); |
but it gave an error saying it's not a correct property. |
|