| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| Setting securityMechanism=13 on DB2 JDBC connection |
« View previous topic :: View next topic » |
| Author |
Message
|
| jmenning |
 Posted: Thu Aug 27, 2015 4:00 am Post subject: Setting securityMechanism=13 on DB2 JDBC connection |
 |
|
Newbie
Joined: 27 Feb 2015
Posts: 8
|
Greetings,
Where is the proper place to set the securityMechanism on an IIB DB2 JDBC connection?
Due to security concerns, I need to set securityMechanism=13 (encrypt username and password) on my DB2 JDBC connection. To the best of my knowledge, that needs to be set on the environmentParms parameter of the configurable service. However, when I run a JCC trace (pasted below), the securityMechanism remains set at 3. As a result, the DB2 call fails with the exception: "Connection authorization failure occurred. Reason: Security mechanism not supported. ERRORCODE=-4214, SQLSTATE=28000"
I tried adjusting the connectionUrl to include securityMechanism=13, but get a URL tokenization error.
Running DB2 10.5, IIB 9. Broker restarted after changes made to configurable sevice.
Thanks for your help,
Jesse
Exception
[jcc][Thread:Thread-14][SQLException@2ddff66] SQL state = 28000
[jcc][Thread:Thread-14][SQLException@2ddff66] Error code = -4214
[jcc][Thread:Thread-14][SQLException@2ddff66] Message = [jcc][t4][201][11237][3.64.114] Connection authorization failure occurred. Reason: Security mechanism not supported. ERRORCODE=-4214, SQLSTATE=28000
Details of configurable service:
JDBCProviders
ODMDB
connectionUrlFormat='jdbc:db2://[serverName]:[portNumber]/[databaseName]:user=[user];password=[password];'
connectionUrlFormatAttr1=''
connectionUrlFormatAttr2=''
connectionUrlFormatAttr3=''
connectionUrlFormatAttr4=''
connectionUrlFormatAttr5=''
databaseName='ODMDB'
databaseSchemaNames='useProvidedSchemaNames'
databaseType='DB2 Universal Database'
databaseVersion='10.5'
description='WODM Database Connection'
environmentParms='securityMechanism=13'
jarsURL='/apps/DB2_jars'
jdbcProviderXASupport='jdbcProviderXASupport'
maxConnectionPoolSize='0'
portNumber='50001'
securityIdentity='ODMDB'
serverName='OBSCURED'
type4DatasourceClassName='com.ibm.db2.jcc.DB2XADataSource'
type4DriverClassName='com.ibm.db2.jcc.DB2Driver'
JCC Trace
[code][jcc] Attempting connection to va2db2odmdb.dev01.soatest.local:50001/ODMDB
[jcc] Using properties: { maxStatements=0, currentPackagePath=null, currentLockTimeout=-2147483647, timerLevelForQueryTimeOut=0, optimizationProfileToFlush=null, timeFormat=1, monitorPort=0, sendCharInputsUTF8=0, LOCKSSFU=null, alternateGroupDatabaseName=null, sendDataAsIs=false, stripTrailingZerosForDecimalNumbers=0, returnAlias=1, supportsAsynchronousXARollback=2, sessionTimeZone=null, pkList=null, atomicMultiRowInsert=0, traceFileCount=2, DEBUG=null, IFX_UPDDESC=1, traceDirectory=null, maxRowsetSize=32767, driverType=4, extendedDiagnosticLevel=240, accountingInterval=null, monitoredDataSourceName=null, concurrentAccessResolution=0, LKNOTIFY=yes, clientProgramName=null, enableAlternateGroupSeamlessACR=false, connectNode=-1, traceFileSize=1048576, progressiveStreaming=0, profileName=null, DBMAXPROC=null, INFORMIXSTACKSIZE=null, databaseName=ODMDB, IFX_XASTDCOMPLIANCE_XAEND=null, decimalSeparator=0, DBPATH=., emulateParameterMetaDataForZCalls=0, decimalRoundingMode=-2147483647, serverName=OBSCURED, DUMPDIR=null, contact admin=0, streamBufferSize=1048576, STMT_CACHE_DEBUG=null, downgradeHoldCursorsUnderXa=false, currentRefreshAge=-9223372036854775807, kerberosServerPrincipal=null, DB_LOCALE=null, description=null, DUMPCORE=null, queryCloseImplicit=0, keepDynamic=0, PSORT_NPROCS=null, user=ehrapp, connectionCloseWithInFlightTransaction=0, fullyMaterializeLobData=true, enableClientAffinitiesList=0, clientUser=null, portNumber=50001, resultSetHoldability=0, allowNextOnExhaustedResultSet=0, NOSORTINDEX=null, currentLocaleLcCtype=null, enableConnectionConcentrator=false, implicitRollbackOption=0, monitorServerName=null, STMT_CACHE=null, PSORT_DBTEMP=null, IFX_EXTDIRECTIVES=null, sqljEnableClassLoaderSpecificProfiles=false, clientAccountingInformation=null, sqljCloseStmtsWithOpenResultSet=true, connectionTimeout=0, clientProgramId=null, IFX_DIRECTIVES=null, enableSeamlessFailover=0, GCORE=null, SQLSTATS=null, LOCKDOWN=no, currentExplainMode=null, SORTINDEX=null, timestampFormat=5, retryIntervalForClientReroute=-1, password=****, updateCountForBatch=0, reportLongTypes=0, activateDatabase=0, xaNetworkOptimization=true, plugin=null, traceOption=0, pdqProperties=null, currentSchema=null, CR_LOCKBLOB=null, traceLevel=-1, enableRowsetSupport=0, clientDebugInfo=null, dataSourceName=null, enableAlternateServerListFirstConnect=0, maxRetriesForClientReroute=-1, fetchSize=-1, queryDataSize=0, queryTimeoutInterruptProcessingMode=1, alternateGroupServerName=null, clientRerouteAlternateServerName=null, DBTEMP=/tmp, enableT2zosLBF=0, SUBQCACHESZ=10, ssid=null, maxConnCachedParamBufferSize=1048576, fullyMaterializeInputStreamsOnBatchExecution=0, alternateGroupPortNumber=null, currentMaintainedTableTypesForOptimization=null, traceFile=null, currentExplainSnapshot=null, DBDATE=Y4MD-, SLABEL=null, enableMultirowInsertSupport=true, commandTimeout=0, currentFunctionPath=null, enableT2zosLBFSPResultSets=0, monitorEnabled=0, enableNamedParameterMarkers=0, PDQPRIORITY=null, supportsRawDateTimeRetrieval=false, useCachedCursor=true, pluginName=null, charOutputSize=0, maxTransportObjects=2147483647, NOSHMSG=null, resultSetHoldabilityForCatalogQueries=0, monitorLevel=0, IFX_FLAT_UCSQ=null, affinityFailbackInterval=0, enableT2zosCallSPBundling=0, planName=null, SQL_FROM_DBIMPORT=null, interruptProcessingMode=1, floatingPointStringFormat=0, currentPackageSet=null, timestampPrecisionReporting=0, clientRerouteAlternatePortNumber=null, useTransactionRedirect=false, dateTimeMutation=false, securityMechanism=3, statementConcentrator=0, timestampOutputType=0, allowNullResultSetForExecuteQuery=0, sysSchema=null, decimalStringFormat=0, blockingReadConnectionTimeout=0, DBANSIWARN=false, sslTrustStorePassword=****, DELIMIDENT=false, clientWorkstation=null, currentQueryOptimization=-2147483647, clientApplicationInformation=null, DUMPSHMEM=null, translateForBitData=0, monitorCollectionInterval=0, sslTrustStoreLocation=null, optimizationProfile=null, retrieveMessagesFromServerOnGetMessage=false, readOnly=false, INFORMIXOPCACHE=null, useRowsetCursor=true, traceFileAppend=false, clientRerouteServerListJNDIName=null, enableSysplexWLB=false, useJDBC4ColumnNameAndLabelSemantics=0, recordTemporalHistory=0, NODEFDAC=no, sslConnection=false, dateFormat=1, OPTOFC=null, cliSchema=null, retryWithAlternativeSecurityMechanism=0, enableExtendedDescribe=0, DBSPACETEMP=null, enableExtendedIndicators=0, PLOAD_LO_PATH=null, encryptionAlgorithm=0, keepAliveTimeOut=15, DBUPSPACE=null, cursorSensitivity=0, jdbcCollection=NULLID, fullyMaterializeInputStreams=false, currentSQLID=null, loginTimeout=0, useIdentityValLocalForAutoGeneratedKeys=false, OPTCOMPIND=null, LIGHT_SCANS=null, defaultIsolationLevel=2, deferPrepares=true, currentDegree=null, DUMPMEM=null, memberConnectTimeout=0 } |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Thu Aug 27, 2015 8:30 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
Look at what your URL format should be...
You may have to add the ConnectionURLFormatAttrx to your template for it to take effect.
What would your normal jdbc URL look like if you were not using IIB.
Does your IIB template provide for that? 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| jmenning |
| Posted: Tue Sep 15, 2015 5:24 am Post subject: |
|
|
Newbie
Joined: 27 Feb 2015
Posts: 8
|
Thanks for the advice, fjb_saper. In general you are correct, directly adjusting the URL string works (jdbc:db2://[serverName]:[portNumber]/[databaseName]:user=[user];password=[password];securityMechanism=13;')
Trying to simplify things in the original post, I didn't mention that the JDBC connection was being leveraged by a DecisionServiceRepository config service, which in turn is used by a Decision Service node. I figured that underneath the covers it was the same as a typical JDBC connection used by the Database Retrieve node,etc. This is not true.
Instead, on execution group start, the JDBC provider config service is parsed to create the resource adapter config (ra.xml) used by the WODM client jar. In 9.0.3 this parsing process does not correctly capture the securityMechanism=13; which results in the exceptions seen. I'm working with L3 support to get a fix for this, presumably there will be an APAR as well. I will update this thread when I have more information.
Best,
Jesse |
|
| Back to top |
|
|
| jmenning |
| Posted: Tue Oct 06, 2015 5:59 am Post subject: |
|
|
Newbie
Joined: 27 Feb 2015
Posts: 8
|
| Just to close the loop, the APAR for this issue is IT11598. It will likely be in FP5 or FP6. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
