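I have a problem connecting to a local queue on AS400 MQ; the connection is rejected with code JMSWMQ2013.
My appserver has a username as mquser@mydomain.com, but in AS400 I cannot provide the specified username in the MQ object authorization.
Is there any way to connect from WebSphere Application Server on a Windows machine to a queue defined on an AS400 machine?
Below is the error I get while connecting: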
FFDC Exception:com.ibm.msg.client.jms.DetailedJMSSecurityException SourceId:com.ibm.ejs.jms.JMSManagedQueueConnection.createConnection ProbeId:116 Reporter:com.ibm.ejs.jms.JMSManagedQueueConnection@db6f33e4
com.ibm.msg.client.jms.DetailedJMSSecurityException: JMSWMQ2013: The security authentication was not valid that was supplied for QueueManager 'TESTQMGR' with connection mode 'Client' and host name 'AS400T(1416)'.
Please check if the supplied username and password are correct on the QueueManager to which you are connecting.
Root cause:
JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2035' ('MQRC_NOT_AUTHORIZED').
at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:204)
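Maybe you need to define a separate J2C authentication alias and map it to the connection factory.
What does "My appserver has a username as mquser@mydomain.com" mean?
See this page, "2035 MQRC_NOT_AUTHORIZED Connecting to WebSphere MQ", for more details:
The two most likely reasons why MQ rejects the connection are as follows: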
1. The user identifier passed across the client connection from the application server to MQ is not known on the server where the MQ queue manager is running, is not authorised to connect to MQ, or is longer than 12 characters and has been truncated. For queue managers running on Windows, the following error might be seen in the MQ error logs for this scenario: AMQ8075: Authorization failed because the SID for entity 'wasuser' cannot be obtained. For UNIX no entry in the MQ error logs would be seen by default. See technote "MQS_REPORT_NOAUTH environment variable can be used to better diagnose return code 2035" for details of enabling error log entries on all platforms.
2. The user identifier passed across the client connection from the application server to MQ is a member of the 'mqm' group on the server hosting the MQ queue manager, and a Channel Authentication Record (CHLAUTH) exists that blocks administrative access to the queue manager. WebSphere MQ configures a CHLAUTH record by default in WebSphere MQ Version 7.1 and later that blocks all MQ admins from connecting as a client to the queue manager. The following error in the MQ error logs would be seen for this scenario: AMQ9777: Channel was blocked
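You indicated in a later comment that you are using MQ V7.0 on AS/400.
Your question details that you have the user ID mquser@mydomain.com, which will not be recognized by the AS/400 O/S.
So you are looking for a way to assign a user ID to the connection made from your application server on Windows, so that it can run with a user ID that is recognized on the AS/400 queue manager.
As you are on a version earlier than V7.1, you cannot use CHLAUTH rules, so your choices are:
- Write a security exit (or buy/download one)
- Give this connection its own channel and set MCAUSER on the SVRCONN to a value that is known and recognized by the AS/400 O/S. In this case, please also ensure you have some form of authentication, SSL/TLS for example, so that no one else can use this channel.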
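The second option above, written out as MQSC. This is an added example, not part of the original answer: the channel name APP.WAS.SVRCONN, the user profile MQAPPUSR, the certificate DN and the choice of CipherSpec are all assumed placeholders.

```mqsc
* Added example. APP.WAS.SVRCONN, MQAPPUSR and the SSLPEER value are
* hypothetical placeholders; substitute your own names.
*
* MQAPPUSR must be a user profile the AS/400 O/S knows, at most 12
* characters long, and not an MQ administrator. It still needs object
* authority to connect to the queue manager and to open the queue.

* Weak form, shown commented out for comparison only.
* MCAUSER is fixed but nothing authenticates the caller, so any client
* that can reach the listener and knows the channel name runs as MQAPPUSR.
*
* DEFINE CHANNEL(APP.WAS.SVRCONN) CHLTYPE(SVRCONN) TRPTYPE(TCP) +
*        MCAUSER('MQAPPUSR') REPLACE

* Hardened form: same fixed MCAUSER, but the channel only starts over
* SSL/TLS, the client must present a certificate, and the certificate's
* distinguished name must match SSLPEER.
* The CipherSpec is an assumption: pick one that both your queue manager
* level and the application server's JRE support.
DEFINE CHANNEL(APP.WAS.SVRCONN) CHLTYPE(SVRCONN) TRPTYPE(TCP) +
       MCAUSER('MQAPPUSR') +
       SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA) +
       SSLCAUTH(REQUIRED) +
       SSLPEER('CN=was-node01,O=Example') +
       DESCR('Dedicated channel for the Windows application server') +
       REPLACE

* Confirm what was stored on the channel definition.
DISPLAY CHANNEL(APP.WAS.SVRCONN) MCAUSER SSLCIPH SSLCAUTH SSLPEER

* Once the application server connects, confirm which identity and
* which peer certificate the running instance is actually using.
DISPLAY CHSTATUS(APP.WAS.SVRCONN) MCAUSER SSLPEER
```

The connection factory on the application server has to name this channel and a matching cipher suite, and its key store must hold the certificate whose DN SSLPEER expects.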
Yes, the username and password can be passed with setStringProperty on MQQueueConnectionFactory:
MQQueueConnectionFactory mqConFactory = new MQQueueConnectionFactory();
mqConFactory.setStringProperty(WMQConstants.USERID, "username");
mqConFactory.setStringProperty(WMQConstants.PASSWORD, "password");
//other configs
mqConFactory.setHostName("MQ_HOST");
mqConFactory.setChannel("MQ_CHANNEL");//communications link
mqConFactory.setPort(1414);//MQ_PORT: setPort takes an int, not a String; 1414 is a placeholder
mqConFactory.setQueueManager("MQ_MANAGER");//service provider
mqConFactory.setTransportType(JMSC.MQJMS_TP_CLIENT_MQ_TCPIP);//client (TCP/IP) mode
Required imports:
import com.ibm.mq.jms.JMSC;
import com.ibm.mq.jms.MQQueueConnectionFactory;
import com.ibm.msg.client.wmq.WMQConstants;
Dependency jar:
compile('com.ibm.mq:com.ibm.mq.allclient:9.0.5.0')
Part of the code is taken from this page