createQueueConnection eventually fails with 2035

jrlaffoon
Posted: Thu Oct 19, 2006 7:32 am Post subject: createQueueConnection eventually fails with 2035
Newbie
Joined: 19 Oct 2006 Posts: 3 Location: Kansas

We are running into a problem where our JMS Foreign Provider connection to MQ is able to successfully start and post client messages to an MQ Queue. However, after some time (2-3 hours) the calls to createQueueConnection begin to fail and never recover. Any help on this would be appreciated....
System:
BEA Weblogic 8.1 (sp5)
MQ Series 6
.bindings
MQConnectionFactory
Transport Type: Bindings
Local Queue Manager is participating in a clustered environment.
ExecuteThread: '21' for queue: 'weblogic.kernel.Default', 2006/10/16 14:17:40.469, INFO, ZVP, dainft06, IVRMQRequestHandler JMSException Caught, Message=MQJMS2013: invalid security authentication supplied for MQQueueManager
ExecuteThread: '21' for queue: 'weblogic.kernel.Default', 2006/10/16 14:17:40.470, INFO, ZVP, dainft06, IVRMQRequestHandler JMSException.getLinkedException
com.ibm.mq.MQException: MQJE001: Completion Code 2, Reason 2035
    at com.ibm.mq.MQManagedConnectionJ11.authenticate(MQManagedConnectionJ11.java:1061)
    at com.ibm.mq.MQBindingsManagedConnectionFactoryJ11._createManagedConnection(MQBindingsManagedConnectionFactoryJ11.java:163)
    at com.ibm.mq.MQBindingsManagedConnectionFactoryJ11.createManagedConnection(MQBindingsManagedConnectionFactoryJ11.java:189)
    at com.ibm.mq.StoredManagedConnection.<init>(StoredManagedConnection.java:80)
    at com.ibm.mq.MQSimpleConnectionManager.allocateConnection(MQSimpleConnectionManager.java:171)
    at com.ibm.mq.MQQueueManager.obtainBaseMQQueueManager(MQQueueManager.java:754)
    at com.ibm.mq.MQQueueManager.construct(MQQueueManager.java:688)
    at com.ibm.mq.MQQueueManager.<init>(MQQueueManager.java:469)
    at com.ibm.mq.MQSPIQueueManager.<init>(MQSPIQueueManager.java:52)
    at com.ibm.mq.jms.MQConnection.createQM(MQConnection.java:2149)
    at com.ibm.mq.jms.MQConnection.createQMNonXA(MQConnection.java:1650)
    at com.ibm.mq.jms.MQQueueConnection.<init>(MQQueueConnection.java:144)
    at com.ibm.mq.jms.MQQueueConnection.<init>(MQQueueConnection.java:54)
    at com.ibm.mq.jms.MQQueueConnectionFactory.createQueueConnection(MQQueueConnectionFactory.java:106)
_________________
Randy Laffoon
Application Developer
Sprint Nextel

fjb_saper
Posted: Thu Oct 19, 2006 12:22 pm
Grand High Poobah
Joined: 18 Nov 2003 Posts: 20756 Location: LI,NY

The reason code 2035 is a giveaway
See
Quote:
invalid security authentication supplied for MQQueueManager
This is a JAAS config problem.
In bindings mode transport you would need to have the user running the Weblogic server to have access authority to the qmgr... (at least at group level...)
Of course the assumption is that WebLogic and the MQServer referenced in the .bindings file are on the same hardware...
Enjoy
_________________
MQ & Broker admin

jrlaffoon
Posted: Thu Oct 19, 2006 12:56 pm
Newbie
Joined: 19 Oct 2006 Posts: 3 Location: Kansas

MQ admin,
Understandable that this is the reason for 2035. In fact the issue of MQ Security itself is rather simple to fix. The problem with this connection is the JMS client is able to connect to the Queue Manager initially without a 2035 and is also able to put and get messages from the respective queues. However, after the process runs for some time the createQueueConnection results in a 2035 after "n" successful attempts.
_________________
Randy Laffoon
Application Developer
Sprint Nextel

fjb_saper
Posted: Thu Oct 19, 2006 1:24 pm
Grand High Poobah
Joined: 18 Nov 2003 Posts: 20756 Location: LI,NY

I repeat this is a JAAS issue and a config issue.
If you are passing the userid from the web you don't know which user id is trying to access the qmgr....
Set up the JAAS config for container managed access and the other type of access (can't remember the name but you have 2 choices...).
Enjoy
_________________
MQ & Broker admin

jrlaffoon
Posted: Thu Oct 19, 2006 1:52 pm
Newbie
Joined: 19 Oct 2006 Posts: 3 Location: Kansas

Ah, we aren't passing a user id from the web or any dynamic user id. This is a middleware application that front ends a webservice to an MQ series backend. Client security is already taken care of before the connection to a queue manager is required.
The user id that the managed server process is starting under is being used to connect to the MQ Queue Manager on the same machine. This queue manager is clustered with several other queue managers. The actual queues being communicated with are not on our local queue manager.
If you believe JAAS config issues explain why we are successfully connecting, sending and receiving messages initially but then failing later with a 2035, then I will go down that path as recommended...
Code Snapshot of JMS communication... (Note the variant of createQueueConnection() with no user id and password is utilized.)
    // Method-body fragment; the JMS types come from javax.jms.
    QueueConnectionFactory qconFactory = null;
    QueueConnection qcon = null;
    QueueSession qsession = null;
    try {
        // Look up the connection factory and connect without a user id/password.
        qconFactory = (QueueConnectionFactory) ServiceLocator.localLookup(connFactory);
        qcon = qconFactory.createQueueConnection();
    } catch (JMSException ex) {
        // Recycle factory and Retry one more time. else throw exception.
        qcon = recycleQConFactory(connFactory);
    }
    try {
        // Non-transacted session with automatic acknowledgement.
        qsession = qcon.createQueueSession(false, Session.AUTO_ACKNOWLEDGE);
        QueueSender qsender = null;
        try {
            Queue queue = (Queue) ServiceLocator.localLookup(queueName);
            qsender = qsession.createSender(queue);
        } catch (JMSException ex) {
            // Recycle Queue and try again.
            qsender = recycleQSender(queueName, qsession);
        }
        TextMessage tm = qsession.createTextMessage();
        tm.setJMSType(jmsType);
        tm.setText(text);
        qcon.start();
        qsender.send(tm);
        String messageId = tm.getJMSMessageID();
        qsender.close();
        return messageId;
    } finally {
        // Always release the session and connection.
        cleanupQueue(qcon, qsession);
    }
_________________
Randy Laffoon
Application Developer
Sprint Nextel

fjb_saper
Posted: Thu Oct 19, 2006 2:22 pm
Grand High Poobah
Joined: 18 Nov 2003 Posts: 20756 Location: LI,NY

As the config states you have 2 possibilities to access queue manager objects and both allow for JAAS. One is container authentication the other is right next to it on the WAS config screen.
This is for standard access.
Then you have the override stuff where you can pass the principal in the definition of the original context factory etc... (and still your code is not specifying a user name or password)
And of course you can have the odd programmer out there using qcf.createConnection(username, passwd).
If he is specifying any name different from the user running the process and the connection is in bindings mode you will get a 2035 even if the user has authorization.
My guess is that somebody is accessing the qcf in a way that was not expected and this is what is causing you the 2035.
Worst case scenario, your authentication is done over LDAP and the LDAP server cannot be reached... That would account for everything working fine but suddenly getting a 2035 on the same user. If the authentication of the user cannot be made (communications problem with the LDAP server) I would expect you to get a 2035.
Anyway you can turn on security events and look up the exact cause.
Enjoy
_________________
MQ & Broker admin
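
One way to capture, on the application side, the evidence the last reply says to look up. This is an added example, not code from the thread or from IBM: it logs the MQ reason code, the OS user the JVM runs as and the number of earlier successful connects, and it does not retry on 2035. The class and method names are hypothetical, and javax.jms and com.ibm.mq are assumed to be on the classpath.

```java
import java.util.Date;
import java.util.concurrent.atomic.AtomicLong;
import javax.jms.JMSException;
import javax.jms.QueueConnection;
import javax.jms.QueueConnectionFactory;
import com.ibm.mq.MQException;

// Added example; DiagnosticConnector and its method names are hypothetical.
public final class DiagnosticConnector {
    private static final int MQRC_NOT_AUTHORIZED = 2035; // reason code from the trace
    private static final AtomicLong SUCCESSES = new AtomicLong();

    // MQ reason code linked to a JMSException, or -1 when none is attached.
    static int mqReason(JMSException ex) {
        Exception linked = ex.getLinkedException();
        return (linked instanceof MQException) ? ((MQException) linked).reasonCode : -1;
    }

    // Connects without explicit credentials, as the code in the thread does.
    static QueueConnection connect(QueueConnectionFactory qcf) throws JMSException {
        try {
            QueueConnection qcon = qcf.createQueueConnection();
            SUCCESSES.incrementAndGet();
            return qcon;
        } catch (JMSException ex) {
            int reason = mqReason(ex);
            // Assumption: user.name reflects the OS account that owns this JVM,
            // which is the identity a bindings-mode connection is checked against.
            System.err.println(new Date() + " connect failed"
                    + " errorCode=" + ex.getErrorCode()
                    + " mqReason=" + reason
                    + " osUser=" + System.getProperty("user.name")
                    + " thread=" + Thread.currentThread().getName()
                    + " successesBefore=" + SUCCESSES.get());
            if (reason == MQRC_NOT_AUTHORIZED) {
                // Do not mask an authorization failure behind an immediate retry:
                // rethrow so its timestamp can be matched to an authority event.
                throw ex;
            }
            // Any other reason may be transient: retry once, then propagate.
            QueueConnection qcon = qcf.createQueueConnection();
            SUCCESSES.incrementAndGet();
            return qcon;
        }
    }
}
```

Authority events are switched on with the MQSC command ALTER QMGR AUTHOREV(ENABLED); the queue manager then writes a Not Authorized event message to SYSTEM.ADMIN.QMGR.EVENT, which can be matched against the timestamp logged here.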