  • Latest Post - ‏2012-09-27T02:56:05Z by LI.YG
LI.YG
14 Posts

Pinned topic MQ client connection testing

‏2012-08-22T06:28:19Z |
Hi everyone,

I am trying to test an MQ connection from a client to a server. I tried two methods: Method 1 does not work, while Method 2 works. Method 2 was provided by my SA, but I believe Method 1 should be frequently used too. The default port 1414 is used. The server is MQ version 7.01, and the client is version 6. I searched quite a few posts online but could not find the answer. Any hint is appreciated.
Method 1

C:\Program Files\IBM\WebSphere MQ\bin>amqscnxc -x 10.92.33.224 -c MINIQ.JANUS1.T1 JANUS1
Sample AMQSCNXC start
Connecting to queue manager JANUS1
using the server connection channel MINIQ.JANUS1.T1
on connection name 10.92.33.224.
MQCONNX ended with reason code 2035

Method 2 (in *Java*)

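// Classes are from com.ibm.mq (MQC, MQQueueManager, MQQueue, MQPutMessageOptions); Hashtable is java.util.Hashtable.
int openOptions = MQC.MQOO_OUTPUT | MQC.MQOO_FAIL_IF_QUIESCING;
Hashtable table = new Hashtable();
table.put(MQC.HOST_NAME_PROPERTY, "10.92.33.224");
table.put(MQC.CHANNEL_PROPERTY, "MINIQ.JANUS1.T1");
// No MQC.USER_ID_PROPERTY is set for this connection.
MQQueueManager mqMgr = new MQQueueManager("JANUS1", table);
MQPutMessageOptions mqMsgOpt = new MQPutMessageOptions();
MQQueue mqPutQ = mqMgr.accessQueue("MINI.MX.SIT.REQ", openOptions, null, null, null);
System.out.println("Connected to Q:" + "MINI.MX.SIT.REQ");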
Updated on 2012-09-27T02:56:05Z at 2012-09-27T02:56:05Z by LI.YG
  • SystemAdmin
    8523 Posts

    Re: MQ client connection testing

    ‏2012-08-23T05:12:48Z  
    Method 1: 2035 = not authorized. Most likely the MCAUSER set on the SVRCONN channel "MINIQ.JANUS1.T1" does not have authority to connect to the qmgr.

    Method 2: Java may be asserting some other userid on the SVRCONN channel, which does have authority to connect.
  • LI.YG
    14 Posts

    Re: MQ client connection testing

    ‏2012-08-23T07:08:22Z  
    The MCAUSER is set to null as shown in the attached screenshot.

    May I know how to check the MCAUSER assigned to a channel? And how can I specify MCAUSER for amqscnxc? Or can I do nothing at the client side?

    Thanks

    -YG
  • SystemAdmin
    8523 Posts

    Re: MQ client connection testing

    ‏2012-08-24T00:37:37Z  
    k, I can see that MCAUSER is blank. This means that connecting clients should run as the userid of the MCA pool process (amqrmppa). This userid is normally mqm (on UNIX) and should not result in a 2035 reason code! (unless something is screwed up in OAM profiles)

    If you use amqsputc instead of amqscnxc, the channel will stay running until you hit Enter. You will need to set the MQSERVER environment variable to specify the client connection channel details. DIS CHS(chlname) ALL on the running channel will then show the effective MCAUSER that is used for authorization checks.
  • LI.YG
    14 Posts

    Re: MQ client connection testing

    ‏2012-08-27T03:11:21Z  
    I modified the Java code to test the MCAUSER (I am using WinXP).

    The code below works, so I assume "" is one of the effective user ids.
    table.put(MQC.USER_ID_PROPERTY, "");

    It does not work when using MUSR_MQADMIN or some random strings (I got 2035).
    table.put(MQC.USER_ID_PROPERTY, "MUSR_MQADMIN");

    I did try out amqsputc before. MQSERVER was set properly, and the same error code was returned. Is there any way I can set MCAUSER? I tried "set MCAUSER=", but it did not work.

    Regards
    -YG
  • SystemAdmin
    8523 Posts

    Re: MQ client connection testing

    ‏2012-08-27T05:16:59Z  
    >Is there anyway I can set MCAUSER?

    Yes, on the SVRCONN channel definition. Think about it. It would be an extreme security hole if the client could set the channel's effective userid to anything they like.
  • LI.YG
    14 Posts

    Re: MQ client connection testing

    ‏2012-08-27T05:35:10Z  
    Sorry, I did not make it clear. What I mean is: at the client side, is there a way to specify MCAUSER for amqsputc, like what we can do for MQSERVER? Thanks.

    Regards
    -YG
  • LI.YG
    14 Posts

    Re: MQ client connection testing

    ‏2012-08-31T09:05:33Z  
    I got more testing results:

    The Java program works with either "" or "MQM" as the user id.

    // Requires com.ibm.mq.* (MQC, MQQueueManager).
    public static void main(String[] args) {
        try {
            java.util.Hashtable table = new java.util.Hashtable();
            //table.put(MQC.TRANSPORT_PROPERTY, MQC.TRANSPORT_MQSERIES_CLIENT);
            table.put(MQC.HOST_NAME_PROPERTY, "10.92.33.224");
            table.put(MQC.CHANNEL_PROPERTY, "MINIQ.JANUS1.T1");
            table.put(MQC.USER_ID_PROPERTY, "");
            MQQueueManager mqMgr = new MQQueueManager("JANUS1", table);
            System.out.println("Connected Successfully");
        } catch (Exception e) {
            System.out.println(e.toString());
        }
    }

    The C# program does not work with either of them.

    // Requires System, System.Collections and IBM.WMQ.
    static void Main(string[] args)
    {
        try
        {
            Hashtable qmProperties = new Hashtable();
            //qmProperties[MQC.TRANSPORT_PROPERTY] = MQC.TRANSPORT_MQSERIES_CLIENT;
            qmProperties[MQC.HOST_NAME_PROPERTY] = "10.92.33.224";
            qmProperties[MQC.PORT_PROPERTY] = 1414;
            qmProperties[MQC.CHANNEL_PROPERTY] = "MINIQ.JANUS1.T1";
            qmProperties[MQC.USER_ID_PROPERTY] = "";
            MQQueueManager queueManager = new MQQueueManager("JANUS1", qmProperties);
            Console.WriteLine("Connected Successfully");
        }
        catch (MQException mexc)
        {
            // TODO: Setup other exception handling
            throw new Exception(mexc.Message + " ReasonCode: " + mexc.ReasonCode, mexc);
        }
    }

    Seems Java can interpret the user id correctly.
  • LI.YG
    14 Posts

    Re: MQ client connection testing

    ‏2012-09-27T02:51:17Z  
    I got the answer with the help of the IBM MQ support team. Just sharing the findings with everyone.

    If server mca = '' and client mca = '', Python/C# will fail while Java can succeed.
    Java works because the Windows uid is not used, while other PLs set client mca = Windows id.
    If server mca = 'abcd' and client mca = 'abcd', all can work.

    Enjoy MQ!
  • LI.YG
    14 Posts

    Re: MQ client connection testing

    ‏2012-09-27T02:56:05Z  
    And thanks a lot to GlennBaddeley:)
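
The server-side check and fix discussed in this thread, as an added example that is not part of the original posts: MQSC entered in `runmqsc JANUS1` on the queue manager host, using the channel, queue manager and queue names from the thread. The id `abcd` is the placeholder from the findings above and is assumed here to be a dedicated low-privilege OS account on the server; the `setmqaut` and `dspmqaut` lines shown in comments are run from the OS shell, not from MQSC.

```mqsc
* Added example. Enter inside: runmqsc JANUS1 (on the queue manager host).
* 'abcd' is the placeholder id from the thread, assumed to be a dedicated
* low-privilege OS account on the server.

* 1. Configured MCAUSER on the channel definition. Blank means the id is
*    taken from what the client sends, or from the MCA process if the
*    client sends none.
DISPLAY CHANNEL(MINIQ.JANUS1.T1) MCAUSER

* 2. With a client connected (amqsputc holds the channel open until Enter),
*    show the effective MCAUSER used for authorization checks.
DISPLAY CHSTATUS(MINIQ.JANUS1.T1) ALL

* 3. Pin the channel to a fixed id so the client-asserted id no longer
*    decides which authorities apply.
ALTER CHANNEL(MINIQ.JANUS1.T1) CHLTYPE(SVRCONN) MCAUSER('abcd')

* 4. From the OS shell (not MQSC), grant only what the application needs:
*      setmqaut -m JANUS1 -t qmgr -p abcd +connect +inq
*      setmqaut -m JANUS1 -n MINI.MX.SIT.REQ -t queue -p abcd +put
*    and review the result:
*      dspmqaut -m JANUS1 -t qmgr -p abcd
*      dspmqaut -m JANUS1 -n MINI.MX.SIT.REQ -t queue -p abcd

* 5. Make the OAM pick up the authority changes, then reconnect the
*    client and repeat step 2 to confirm MCAUSER(abcd) is in effect.
REFRESH SECURITY TYPE(AUTHSERV)
```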