【发布时间】:2019-04-18 01:30:03
【问题描述】:
我很难连接到我机构的 MQ v9。
MQ 团队向我提供了连接信息:-
String hostName = '...'
int port = ...
String queueManager = '...'
String channel = '...'
String userId = 'ABC123'
String password = '...'
给定以下代码...
JmsConnectionFactory cf = JmsFactoryFactory.
getInstance(WMQConstants.WMQ_PROVIDER).
createConnectionFactory()
cf.setStringProperty(WMQConstants.WMQ_HOST_NAME, hostName)
cf.setIntProperty(WMQConstants.WMQ_PORT, port)
cf.setStringProperty(WMQConstants.WMQ_CHANNEL, channel)
cf.setIntProperty(WMQConstants.WMQ_CONNECTION_MODE, WMQConstants.WMQ_CM_CLIENT)
cf.setStringProperty(WMQConstants.WMQ_QUEUE_MANAGER, queueManager)
cf.setStringProperty(WMQConstants.USERID, userId)
cf.setStringProperty(WMQConstants.PASSWORD, password)
// tried with both `true` and `false`... same error
cf.setBooleanProperty(WMQConstants.USER_AUTHENTICATION_MQCSP, true)
Connection connection = cf.createConnection()
connection.start()
connection.close()
...我收到此错误:-
Exception in thread "main" com.ibm.msg.client.jms.DetailedJMSSecurityException:
JMSWMQ2013: The security authentication was not valid
that was supplied for queue manager '...' with connection
mode 'Client' and host name '...'.
Please check if the supplied username and password
are correct on the queue manager to which you are
connecting.
Caused by: com.ibm.mq.MQException: JMSCMQ0001: IBM
MQ call failed with compcode '2' ('MQCC_FAILED') reason
'2035' ('MQRC_NOT_AUTHORIZED').
MQ 团队告诉我日志有这样的内容:-
----- amqzfuca.c : 4527 -------------------------------------------------------
04/17/2019 10:32:20 AM - Process(10468.40757) User(...) Program(...)
Host(...) Installation(Installation1)
VRMF(9.1.0.1) QMgr(...)
Time(2019-04-17T15:32:20.542Z)
RemoteHost(...)
CommentInsert1(...)
CommentInsert2(...)
CommentInsert3(CLNTUSER(XYZ) ADDRESS(...))
AMQ9777E: Channel was blocked
EXPLANATION:
The inbound channel '...' was blocked from address '...'
because the active values of the channel matched a record
configured with USERSRC(NOACCESS). The active values of the channel were
'CLNTUSER(XYZ) ADDRESS(...)'.
...它失败了,因为它使用了错误的凭据进行连接。
虽然我传递了不同的凭据(用户 ID:ABC123),但 MQ 日志会看到我用来登录机器的用户 ID(用户 ID:XYZ)。
为什么我明确传入的凭据被省略了?我该如何解决这个问题?
我正在使用这个依赖:
<dependency>
<groupId>com.ibm.mq</groupId>
<artifactId>com.ibm.mq.allclient</artifactId>
<version>9.1.2.0</version>
</dependency>
我没有使用 IBM JRE……更准确地说,我在我的 Mac 上使用 Oracle JDK 1.8,如果有帮助的话。
谢谢。
2019 年 4 月 22 日更新
我现在能够从 MQ 团队获得更准确的日志,因为我同时尝试了太多事情。
如果我将USER_AUTHENTICATION_MQCSP 设置为true,那么我的机器的用户ID (XYZ) 就会被传入。
如果我将USER_AUTHENTICATION_MQCSP 设置为false,那么我现在会收到不同的错误消息:-
04/22/2019 01:19:49 PM - Process(1147099.9759) User(...) Program(...)
Host(rofesb911a) Installation(Installation1)
VRMF(9.1.0.1) QMgr(...)
Time(2019-04-22T18:19:49.323Z)
RemoteHost(...)
CommentInsert1(wa03598)
CommentInsert2(REQUIRED)
CommentInsert3(MCAUSER(ABC123) CLNTUSER(ABC123) ADDRESS(...))
AMQ9790I: The failed authentication check was caused by a CHLAUTH record with
CHCKCLNT(REQUIRED).
EXPLANATION:
The user ID 'ABC123' and its password were checked because the inbound
connection matched a channel authentication record with CHCKCLNT(REQUIRED).
The active values of the channel were 'MCAUSER(ABC123) CLNTUSER(ABC123)
ADDRESS(...)'. The MATCH(RUNCHECK) mode of the DISPLAY CHLAUTH
MQSC command can be used to identify the relevant CHLAUTH record.
好消息是它看到了正确的用户 ID (ABC123),但有人告诉我密码无效。我不认为这是密码问题,因为我能够使用相同的凭据访问其他受保护的 Web 服务。
【问题讨论】:
-
队列管理器连接对象是否有
ADOPTCTX(YES)?频道的CLNTUSER值是否会根据您设置USER_AUTHENTICATION_MQCSP的方式而改变?您能否提供该频道的所有CHLAUTH规则? -
USERID属性中指定的值的长度是多少? -
当您将 csp 设置为 false 时,让他们仔细检查错误。
-
你能检查一下
qm.ini中是否有ChlAuthEarlyAdopt=Y吗?如果没有这个,CHLAUTH规则只会对运行进程的用户起作用,而不是像USERID那样设置USER_AUTHENTICATION_MQCSP=true。如果你设置了USER_AUTHENTICATION_MQCSP=false,那么它应该没关系,CHLAUTH就可以了。 -
您的密码长度是否可能大于 12 个字符?将 USER_AUTHENTICATION_MQCSP 设置为 false 会限制密码的长度。