Java: How do I pass a user-defined username from IBM WebSphere Application Server to an AS400 MQ server for authentication?

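I am having a problem connecting to an AS400 MQ local queue; it rejects the connection with code JMSWMQ2013.

My appserver's username is mquser@mydomain.com, but on the AS400 I cannot specify that username in the MQ object authorities.

Is there any way to connect from a WebSphere appserver on a Windows machine to a queue defined on the AS400 machine?

This is the error I get when connecting: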

FFDC Exception:com.ibm.msg.client.jms.DetailedJMSSecurityException SourceId:com.ibm.ejs.jms.JMSManagedQueueConnection.createConnection ProbeId:116 Reporter:com.ibm.ejs.jms.JMSManagedQueueConnection@db6f33e4
com.ibm.msg.client.jms.DetailedJMSSecurityException: JMSWMQ2013: The security authentication was not valid that was supplied for QueueManager 'TESTQMGR' with connection mode 'Client' and host name 'AS400T(1416)'.
Please check if the supplied username and password are correct on the QueueManager to which you are connecting.

Root cause:  

JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2035' ('MQRC_NOT_AUTHORIZED').
    at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:204)

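You may need to define a separate J2C authentication alias and map it to the connection factory. What do you mean by "my appserver's username is mquser@mydomain.com"?

See this page for more details:

The two most likely reasons for MQ to reject the connection are as follows: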

1. The user identifier passed across the client connection from the application 
   server to MQ is not known on the server where the MQ queue manager is running,
   is not authorised to connect to MQ, or is longer than 12 characters and has
   been truncated.
   For queue managers running on Windows, the following error might be seen in 
   the MQ error logs for this scenario:
   AMQ8075: Authorization failed because the SID for entity 'wasuser' 
   cannot be obtained.
   For UNIX no entry in the MQ error logs would be seen by default.
   See technote MQS_REPORT_NOAUTH environment variable can be used 
   to better diagnose return code 2035 for details of enabling error log 
   entries on all platforms.
2. The user identifier passed across the client connection from the 
   application server to MQ is a member of the 'mqm' group on the server 
   hosting the MQ queue manager, and a Channel Authentication Record (CHLAUTH) 
   exists that blocks administrative access to the queue manager. 
   WebSphere MQ configures a CHLAUTH record by default in WebSphere MQ 
   Version 7.1 and later that blocks all MQ admins from connecting 
   as a client to the queue manager.
   The following error in the MQ error logs would be seen for 
   this scenario: AMQ9777: Channel was blocked

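A later comment states that you are using MQ V7.0 on AS/400.

Your question details that you have a user ID mquser@mydomain.com, which the AS/400 O/S will not recognise.

So you are looking for a way to assign a user ID to the connection you make from the application server on Windows, so that it can run with a user ID that is recognised on the AS/400 queue manager.

Since you are on a version before V7.1, you cannot use CHLAUTH rules, so your options are:

1. Write a security exit to do it, or buy/download one.
2. Give this connection its own channel and set MCAUSER on the SVRCONN to something known and recognised by the AS/400 O/S. In this case, also make sure you have some form of authentication, such as SSL/TLS, so that nobody else can use this channel.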
Yes, you can pass the username and password using setStringProperty on MQQueueConnectionFactory.

Required imports:

  import com.ibm.mq.jms.MQQueueConnectionFactory;
  import com.ibm.msg.client.wmq.WMQConstants;

Dependency jar:

  compile('com.ibm.mq:com.ibm.mq.allclient:9.0.5.0')

Part of the code was taken from this
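A sketch of the setStringProperty approach described in the answer above, added here as an example and not code from the original post. The host, port and queue manager come from the error message in the question; the channel name `APP1.SVRCONN`, the user `MQAPPUSR` and the `MQ_PASSWORD` environment variable are assumptions.

```java
import javax.jms.Connection;
import javax.jms.JMSException;

import com.ibm.mq.MQException;
import com.ibm.mq.jms.MQQueueConnectionFactory;
import com.ibm.msg.client.wmq.WMQConstants;

public class MqUserIdExample {
    // The quoted list on this page warns that user identifiers longer than 12 characters are truncated.
    static final int MAX_MQ_USERID_LENGTH = 12;
    static final int MQRC_NOT_AUTHORIZED = 2035; // reason code shown in the question's stack trace

    static MQQueueConnectionFactory buildFactory(String userId, String password) throws JMSException {
        if (userId == null || userId.length() > MAX_MQ_USERID_LENGTH) {
            // Fail early instead of letting a truncated id surface later as a 2035.
            throw new IllegalArgumentException("user id missing or longer than 12 characters: " + userId);
        }
        MQQueueConnectionFactory cf = new MQQueueConnectionFactory();
        cf.setHostName("AS400T");                        // from the error message in the question
        cf.setPort(1416);                                // from the error message in the question
        cf.setQueueManager("TESTQMGR");                  // from the error message in the question
        cf.setChannel("APP1.SVRCONN");                   // assumed: dedicated SVRCONN channel
        cf.setTransportType(WMQConstants.WMQ_CM_CLIENT); // client mode, as in the error message
        cf.setStringProperty(WMQConstants.USERID, userId);
        cf.setStringProperty(WMQConstants.PASSWORD, password);
        return cf;
    }

    public static void main(String[] args) {
        // Assumed: MQAPPUSR is a profile the AS/400 O/S knows; the password is kept out of the source.
        String password = System.getenv("MQ_PASSWORD");
        try {
            MQQueueConnectionFactory cf = buildFactory("MQAPPUSR", password);
            Connection conn = cf.createConnection();
            System.out.println("Connected as MQAPPUSR");
            conn.close();
        } catch (JMSException e) {
            // JMSWMQ2013 wraps the underlying MQ reason code in the linked exception.
            Exception linked = e.getLinkedException();
            if (linked instanceof MQException && ((MQException) linked).getReason() == MQRC_NOT_AUTHORIZED) {
                System.err.println("2035 MQRC_NOT_AUTHORIZED: check the user id and its MQ object authorities");
            } else {
                System.err.println("Connection failed: " + e.getMessage());
            }
        }
    }
}
```

The queue manager on this page is V7.0, which predates the connection authentication built into MQ from V8.0, so the password sent here is only checked if a security exit does it. The dedicated channel with MCAUSER and SSL/TLS from the previous answer still applies.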

Thank you for your reply. The problem we are facing is on the AS400 machine: the number of user applications is more than 12, and there is no option for authentication records in MQ because it is WebSphere MQ 7.0. I think it has to do with granting authority. But there is one thing I noticed for one queue, namely the connection I use for the listener. But for the other queue, where I am trying to put messages, there is a problem with error code 2035. If you have any solution, please let me know. Thanks.