| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| Java jms authorization not working |
« View previous topic :: View next topic » |
| Author |
Message
|
| tobix10 |
 Posted: Wed Aug 21, 2013 5:23 am Post subject: Java jms authorization not working |
 |
|
Newbie
Joined: 21 Aug 2013
Posts: 2
|
Hello, I have a strange problem with my java code which sends simple jms text message to the queue. Finally I've figured out how to use mcauser property, but it seems that java don't respect this settings.
When I try to put messages from samp amqsput on different account(not mcauser one) I got error code, but when I send it from java there is no exception and every msg is transported to the queue.
Let me explain how my architecture looks like and what I configured.
Architecture: java_producer ---> remote1 ---> remote2 ---> local ---> java_consumer
QUEUES are on LINUX, I try to connect from WINDOWS.
User: mqtest group: mqqueues
In java_producer class I use JNDI bindings and pass user login and password to connection function:
| Code: |
JmsConnectionFactory cf = (JmsConnectionFactory) context.lookup(conFactory);
connection = cf.createConnection(login, pass); |
My JNDI bindings points to remote1 through the svrconn channel with mcauser('mqtest').
In the runmqsc interpreter I switch on CHLAUTH for QMGR of remote1 point, also tried to REFRESH SECURITY.
I didn't change default security settings, but added only access for group mqqueues.
| Code: |
| setmqaut -m MYQMGR -t qmgr -g mqqueues -all +inq +connect |
| Code: |
| setmqaut -m MYQMGR -t queue -g mqqueues -n MYREMOTE1 -all +put +inq |
I checked these with dspmqaut, everything seems fine.
Any suggestions? Does user login and password determine user id?
How can I check what user id connected to the queue? |
|
| Back to top |
|
 |
| Vitor |
| Posted: Wed Aug 21, 2013 5:46 am Post subject: Re: Java jms authorization not working |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| tobix10 wrote: |
Any suggestions? Does user login and password determine user id?
How can I check what user id connected to the queue? |
WMQ never uses a password; it authorises but does not authenticate. You'll find a raft of discussion on this in the forum with the search facility (top right of this page)
It also doesn't use the logged on user id but the user id passed to it. Commonly, Java a blank user id so WMQ is forced to fill in the blank with the only id it has - the id of the channel receiving the message from Java. Typicaly this is the mqm "super user" so you don't get security violations. You'll find a raft of discussion on this as well.
It's best practice to always use MCAUser on a client connection and Java shouldn't be able to ignore it. I'm not a Java person, but are you sure that JNDI is using the channel you think it is?
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Wed Aug 21, 2013 3:39 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
if you use the form cf.createConnection(userid,pwd) the userid will be passed to the channel. It may be meaningless if you have an MCAUser set on the channel.
Have fun 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| tobix10 |
| Posted: Wed Aug 21, 2013 11:05 pm Post subject: Re: Java jms authorization not working |
|
|
Newbie
Joined: 21 Aug 2013
Posts: 2
|
| Vitor wrote: |
| I'm not a Java person, but are you sure that JNDI is using the channel you think it is? |
Yes, I'm sure.
| fjb_saper wrote: |
| if you use the form cf.createConnection(userid,pwd) the userid will be passed to the channel. It may be meaningless if you have an MCAUser set on the channel. |
I am not convinced about this now. It looks like
Vitor says: "Java passes blank user id".
I will search about this. Thanks for reply. |
|
| Back to top |
|
|
| Vitor |
| Posted: Thu Aug 22, 2013 4:38 am Post subject: Re: Java jms authorization not working |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| tobix10 wrote: |
| Vitor wrote: |
| I'm not a Java person, but are you sure that JNDI is using the channel you think it is? |
Yes, I'm sure. |
Take your word over mine when it comes to Java 
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Fri Aug 23, 2013 10:20 am Post subject: Re: Java jms authorization not working |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| tobix10 wrote: |
| Vitor wrote: |
| I'm not a Java person, but are you sure that JNDI is using the channel you think it is? |
Yes, I'm sure.
| fjb_saper wrote: |
| if you use the form cf.createConnection(userid,pwd) the userid will be passed to the channel. It may be meaningless if you have an MCAUser set on the channel. |
I am not convinced about this now. It looks like
Vitor says: "Java passes blank user id".
I will search about this. Thanks for reply. |
| fjb_saper wrote: |
| if you use the form cf.createConnection(userid,pwd) the userid will be passed to the channel. It may be meaningless if you have an MCAUser set on the channel. |
What Vitor was referring to was the other form of the method:
| Code: |
| cf.createConnection() |
Have fun
_________________
MQ & Broker admin |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
