Send to MQ from java always uses the default mqm userid for IBM MQ version 6.0

Question

Send to MQ from java always uses the default mqm userid for IBM MQ version 6.0

Our code works in weblogic and we are MQ 6.0. Regardless of whether I use createQueueConnection() or createQueueConnection("myuserid","mypassword") by default, userid mqm always used. See code below.

When I connect from version 6.0 to an earlier installation of mq 5, it seems that you selected the following javax.jms.JMSSecurityException: MQJMS2013: invalid security authentication supplied for MQQueueManager error javax.jms.JMSSecurityException: MQJMS2013: invalid security authentication supplied for MQQueueManager by default createQueueConnection() if I do not send an empty user ID / password, as in createQueueConnection("","")

How can I get myuserid instead of sending?

 Hashtable properties = new Hashtable(2); properties.put(Context.PROVIDER_URL,context); properties.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.fscontext.RefFSContextFactory"); InitialContext ctx = new InitialContext(properties); QueueConnectionFactory qcf = (QueueConnectionFactory) ctx.lookup("QCF"); QueueConnection qc = qcf.createQueueConnection(); javax.jms.Queue q = (javax.jms.Queue) ctx.lookup("MYQUEUE"); QueueSession qs = qc.createQueueSession(false, Session.AUTO_ACKNOWLEDGE); TextMessage tm = qs.createTextMessage(); tm.setText(outString); QueueSender sender = qs.createSender(q); sender.send(tm); sender.close(); qs.close(); qc.close();

+4

java weblogic jms ibm-mq

mrjohn Sep 23 '10 at 19:26

source share

1 answer

T.Rob · Accepted Answer · 2010-09-24T01:38:58+0000

If you set the identifier to createQueueConnection, be sure that it appears to the queue manager. The problem you see is that the channel definition of SVRCONN on QMgr is set to MCAUSER ('mqm') hardcoded. This overrides any value represented by the client application.

A few things to note here.

Although you can send an ID and password, WMQ accepts them at face value. These fields exist to make the credentials available to the channel exit, which can verify them. Without this output, the channel simply works like any identifier that the application claims, and the password is ignored.
For the reason stated above, I always tell people not to trust the credentials provided unless they have such an option. The administrator must encode the corresponding value in MCAUSER.
Admin ID ("mqm" on UNIX variants) is NOT a valid value. It provides administrative authority to anyone who connects to this channel.

For more information on this subject and pointers to the WMQ Security Presentation and IMPACT WMQ Security Security Guide, see this SO question .

Send to MQ from java always uses the default mqm userid for IBM MQ version 6.0

More articles: