| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| Troubles with security and Websphere application server |
« View previous topic :: View next topic » |
| Author |
Message
|
| vopros |
 Posted: Fri Aug 12, 2005 5:06 am Post subject: Troubles with security and Websphere application server |
 |
|
Newbie
Joined: 12 Aug 2005
Posts: 7
|
Is this correct behavior of websphere mq (v5.3 CSD10):
| Code: |
C:\IBM\WebSphere MQ\bin>setmqaut -t qmgr -m WAS_fomin_clust2 -p sysadm +all
The setmqaut command completed successfully.
C:\IBM\WebSphere MQ\bin>dspmqaut -t qmgr -m WAS_fomin_clust2 -p sysadm
Entity sysadm has the following authorizations for object WAS_fomin_clust2:
C:\IBM\WebSphere MQ\bin>setmqaut -t qmgr -m WAS_fomin_clust2 -p sysadm +connect
The setmqaut command completed successfully.
C:\IBM\WebSphere MQ\bin>dspmqaut -t qmgr -m WAS_fomin_clust2 -p sysadm
Entity sysadm has the following authorizations for object WAS_fomin_clust2:
|
The OS is Windows 2000. sysadm is valid local user.
I cannot manage permissions in queue manager. The queue manager was created using createmq.bat command which is shipped with WAS.
I also tried to use MQ as JMS provider for WebSphere Application Server. I cannot resolve the following problem (appears as Java exception in WAS logs when starting):
| Code: |
The Connection Manager received a fatal connection error from the Resource Adaptor for resource com.sss.SchedulerConnectionFactory. The exception which was received is com.ibm.mq.jms.BrokerCommandFailedException: Broker command failed: MQRCCF_NOT_AUTHORIZED Reason code 3081
at com.ibm.mq.jms.MQBrokerSubscriptionEngine.openSubscription(MQBrokerSubscriptionEngine.java:348)
at com.ibm.mq.jms.MQMigrateSubscriptionEngine.openSubscription(MQMigrateSubscriptionEngine.java:197)
at com.ibm.mq.jms.MQConnectionBrowser.pubSubSetup(MQConnectionBrowser.java:389)
at com.ibm.mq.jms.MQConnectionBrowser.MQConnectionBrowserInit(MQConnectionBrowser.java:266)
at com.ibm.mq.jms.MQConnectionBrowser.<init>(MQConnectionBrowser.java:118)
at com.ibm.mq.jms.MQConnection.createConnectionBrowser(MQConnection.java:3580)
at com.ibm.mq.jms.MQTopicConnection.createConnectionBrowser(MQTopicConnection.java:328)
at com.ibm.mq.jms.MQConnectionConsumer.<init>(MQConnectionConsumer.java:458)
at com.ibm.mq.jms.MQConnectionConsumer.<init>(MQConnectionConsumer.java:362)
at com.ibm.mq.jms.MQConnection.createConnectionConsumer(MQConnection.java:3151)
at com.ibm.ejs.jms.JMSTopicConnectionHandle.createConnectionConsumer(JMSTopicConnectionHandle.java:118)
at com.ibm.ejs.jms.listener.MDBListenerImpl.createResources(MDBListenerImpl.java:432)
at com.ibm.ejs.jms.listener.MDBListenerImpl.internalStart(MDBListenerImpl.java:586)
at com.ibm.ejs.jms.listener.MDBListenerImpl.start(MDBListenerImpl.java:518)
at com.ibm.ejs.jms.listener.MDBListenerManagerImpl.start(MDBListenerManagerImpl.java:482)
at com.ibm.ejs.jms.listener.MsgListenerPort.add(MsgListenerPort.java:152)
at com.ibm.ejs.jms.listener.MDBListenerManagerImpl.startApplicationMDBs(MDBListenerManagerImpl.java:715)
at com.ibm.ejs.jms.listener.MDBListenerManagerImpl.stateChanged(MDBListenerManagerImpl.java:686)
at com.ibm.ws.runtime.component.MessageListenerImpl.stateChanged(MessageListenerImpl.java:151)
at com.ibm.ws.runtime.component.ApplicationMgrImpl.stateChanged(ApplicationMgrImpl.java:475)
at com.ibm.ws.runtime.component.DeployedApplicationImpl.fireDeployedObjectEvent(DeployedApplicationImpl.java:791)
at com.ibm.ws.runtime.component.DeployedApplicationImpl.setState(DeployedApplicationImpl.java:157)
at com.ibm.ws.runtime.component.DeployedApplicationImpl.setState(DeployedApplicationImpl.java:153)
at com.ibm.ws.runtime.component.DeployedApplicationImpl.start(DeployedApplicationImpl.java:589)
at com.ibm.ws.runtime.component.ApplicationMgrImpl.startApplication(ApplicationMgrImpl.java:299)
at com.ibm.ws.runtime.component.ApplicationMgrImpl.start(ApplicationMgrImpl.java:256)
at com.ibm.ws.runtime.component.ContainerImpl.startComponents(ContainerImpl.java:536)
at com.ibm.ws.runtime.component.ContainerImpl.start(ContainerImpl.java:413)
at com.ibm.ws.runtime.component.ApplicationServerImpl.start(ApplicationServerImpl.java:152)
at com.ibm.ws.runtime.component.ContainerImpl.startComponents(ContainerImpl.java:536)
at com.ibm.ws.runtime.component.ContainerImpl.start(ContainerImpl.java:413)
at com.ibm.ws.runtime.component.ServerImpl.start(ServerImpl.java:243)
at com.ibm.ws.runtime.WsServer.start(WsServer.java:128)
at com.ibm.ws.runtime.WsServer.main(WsServer.java:225)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:85)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:58)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:60)
at java.lang.reflect.Method.invoke(Method.java:391)
at com.ibm.ws.bootstrap.WSLauncher.main(WSLauncher.java:189)
|
WAS v5.1.1 is running using sysadm as profile (Windows 2000). sysadm is member of mqm and mqmbrkrs groups.
Please can abybody help me? |
|
| Back to top |
|
 |
| vennela |
| Posted: Sat Aug 13, 2005 12:09 pm Post subject: |
|
|
Jedi Knight
Joined: 11 Aug 2002
Posts: 4055
Location: Hyderabad, India
|
| Quote: |
| WAS v5.1.1 is running using sysadm as profile (Windows 2000). sysadm is member of mqm and mqmbrkrs groups. |
If it is part of mqm group then why do you have to set authorizations.
Issue refresh security at the QMGR level and see if the problem goes away.
If you are trying to figure out a work around, try setting the TCF (or QCF ) to client mode and specify a SVRCONN channel |
|
| Back to top |
|
|
| vopros |
| Posted: Wed Aug 17, 2005 1:54 am Post subject: |
|
|
Newbie
Joined: 12 Aug 2005
Posts: 7
|
| Quote: |
| Issue refresh security at the QMGR level and see if the problem goes away. |
Can you briefly describe how can I do that?
| Quote: |
| If you are trying to figure out a work around, try setting the TCF (or QCF ) to client mode and specify a SVRCONN channel |
I've tried to use BINDINGS, CLIENT and DIRECT connection types. None of them works. CLIENT, like BINDINGS, returns MQRCCF_NOT_AUTHORIZED. I'm sure that broker is started by sysadm profile. sysadm is a member of mqm and mqmbrkrs groups. WebSphere Application Server is also started by sysadm profile. So, as i read in documentation, there cannot be any authorization problems. But they arise! |
|
| Back to top |
|
|
| vopros |
| Posted: Tue Aug 23, 2005 7:24 am Post subject: |
|
|
Newbie
Joined: 12 Aug 2005
Posts: 7
|
I've solved the problem. The mistake was using createmq.bat to create QMgrs.
createmq.bat replaces authenticator with its own, so broker epecially can't be authenticated.[/u] |
|
| Back to top |
|
|
| kman |
| Posted: Wed Aug 24, 2005 10:11 pm Post subject: |
|
|
Partisan
Joined: 21 Jan 2003
Posts: 309
Location: Kuala Lumpur, Malaysia
|
createMQ.bat is a batch that is used for creating the JMS broker for WAS. Part of the commands in createmq is crtmqm. The createmq is not part of WMQ command, and it should never be use to create queue manager.
Just thought you should know. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
