Topic
11 replies Latest Post - ‏2012-11-27T20:15:28Z by scottpecnik
scottpecnik
scottpecnik
7 Posts
ACCEPTED ANSWER

Pinned topic Connect to DB2 via TSO Functional ID (no password)

‏2012-09-10T23:17:18Z |
Hi,

I'm running into an issue with one of my clients while attempting to connect to DB2 on z via java. I've written a custom extension to IBM Rational Team Concert that accesses DB2 from omvs. Right now the code simply uses DriverManager#getConnection() to establish a connection to the database. In the code I am using my TSO id and password to satisfy the jdbc driver. The problem I have is that my TSO password expires every 30 days, causing me to have to update the code once a month. In addition, this is extremely bad practice. The java code I have written is run by a functional TSO ID that does not have a password (it's a system user). How can I inherit the rights of that funcational ID in order to connect to DB2 as that system user? I know this is possible in MVS via REXX or COBOL, but am having trouble figuring out how to do so in Java. I also know that this can be done in Websphere by establishing a datasource, but I don't have the luxury of running in a container like that.

Any help would be greatly appreciated. Thanks in advance!

Scott
Updated on 2012-11-27T20:15:28Z at 2012-11-27T20:15:28Z by scottpecnik
  • ljkarl
    ljkarl
    5 Posts
    ACCEPTED ANSWER

    Re: Connect to DB2 via TSO Functional ID (no password)

    ‏2012-09-11T13:46:13Z  in response to scottpecnik
    My suggestion is based on using RACF. Use it to setup a non segmented id (nonloggable) with an associated non-expiring password. This will solve the password expiration issue you described.

    Larry Karl.
    • scottpecnik
      scottpecnik
      7 Posts
      ACCEPTED ANSWER

      Re: Connect to DB2 via TSO Functional ID (no password)

      ‏2012-09-11T15:23:18Z  in response to ljkarl
      Hi Larry,

      Thanks for the response. This was my first thought in trying to solve the problem, unfortunately my client is a large bank with lots of restrictions on their mainframe and won't allow it. What I need is to be able to inherit the RACF abilities of the functional ID my code is running as. They are able to do this with java via WAS. WAS is run as a TSO functional id without a password that has the authorities they need. When they setup a datasource in the WAS admin console, they inherit the rights of that user and don't need to provide a username or password. This is exactly what I'd like to do, but of course i'm not and cannot run on top of WAS.

      Scott
      • SystemAdmin
        SystemAdmin
        3105 Posts
        ACCEPTED ANSWER

        Re: Connect to DB2 via TSO Functional ID (no password)

        ‏2012-09-11T16:02:01Z  in response to scottpecnik
        Hi Scott,

        Can you use a type 2 JDBC connection (vs. type 4 to bypass the ID/pw)?

        If you're using OMVS, the connection to a local DB2 subsystem should be the same as the ID of your OMVS user session (which you might conceivably play with via SU & spawn inheritance, etc. in your application).

        For remote DB2 systems (not on the same LPAR as your OMVS session), you may be able to set up the communications database to pass a specific connection ID other than the locally connected user.

        Good luck.

        Peter
        • scottpecnik
          scottpecnik
          7 Posts
          ACCEPTED ANSWER

          Re: Connect to DB2 via TSO Functional ID (no password)

          ‏2012-09-11T20:25:13Z  in response to SystemAdmin
          Hi Peter,

          Thanks for the suggestion, this seems very promising. I attempted to make a connection using jdbc type 2 (which it seems the drivers are capable of both type 2 and 4, it's just the way you construct your URL), and am getting the below error. I'll follow up with our mainframe team at my client, but wondering if anyone has seen this before and have been able to get past it. I'm wondering if I just need to setup some paths in an environment variables, or if it's more complex and something I need to tweak in the java install.

          
          com.ibm.db2.jcc.am.SqlException: [jcc][10389][12245][4.8.86] Failure in loading 
          
          native library db2jcct2zos4, java.lang.UnsatisfiedLinkError: db2jcct2zos4 (Not found in java.library.path):  ERRORCODE=-4472, SQLSTATE=
          
          null at com.ibm.db2.jcc.am.gd.a(gd.java:660) at com.ibm.db2.jcc.am.gd.a(gd.java:60) at com.ibm.db2.jcc.am.gd.a(gd.java:94) at com.ibm.db2.jcc.t2.a.a(a.java:37) at com.ibm.db2.jcc.t2zos.T2zosConfiguration.e(T2zosConfiguration.java:772) at com.ibm.db2.jcc.t2.T2Configuration.<clinit>(T2Configuration.java:83) at java.lang.J9VMInternals.initializeImpl(Native Method) at java.lang.J9VMInternals.initialize(J9VMInternals.java:228) at com.ibm.db2.jcc.DB2Driver.connect(DB2Driver.java:420) at java.sql.DriverManager.getConnection(DriverManager.java:379) at java.sql.DriverManager.getConnection(DriverManager.java:330) at com.citi.sepg.DataSource.go(DataSource.java:25) at com.citi.sepg.DataSource.main(DataSource.java:13) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37) at java.lang.reflect.Method.invoke(Method.java:611) at org.eclipse.jdt.internal.jarinjarloader.JarRsrcLoader.main(JarRsrcLoader.java:58) com.ibm.db2.jcc.am.SqlException: [jcc][10389][12245][4.8.86] Failure in loading 
          
          native library db2jcct2zos4, java.lang.UnsatisfiedLinkError: db2jcct2zos4 (Not found in java.library.path):  ERRORCODE=-4472, SQLSTATE=
          
          null at com.ibm.db2.jcc.am.gd.a(gd.java:660) at com.ibm.db2.jcc.am.gd.a(gd.java:60) at com.ibm.db2.jcc.am.gd.a(gd.java:94) at com.ibm.db2.jcc.t2.a.a(a.java:37) at com.ibm.db2.jcc.t2zos.T2zosConfiguration.e(T2zosConfiguration.java:772) at com.ibm.db2.jcc.t2.T2Configuration.<clinit>(T2Configuration.java:83) at java.lang.J9VMInternals.initializeImpl(Native Method) at java.lang.J9VMInternals.initialize(J9VMInternals.java:228) at com.ibm.db2.jcc.DB2Driver.connect(DB2Driver.java:420) at java.sql.DriverManager.getConnection(DriverManager.java:379) at java.sql.DriverManager.getConnection(DriverManager.java:330) at com.citi.sepg.DataSource.go(DataSource.java:25) at com.citi.sepg.DataSource.main(DataSource.java:13) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37) at java.lang.reflect.Method.invoke(Method.java:611) at org.eclipse.jdt.internal.jarinjarloader.JarRsrcLoader.main(JarRsrcLoader.java:58) com.ibm.db2.jcc.am.SqlException: [jcc][50053][12310][4.8.86] T2zOS exception: [jcc][T2zos]T2zosConfiguration.init: Although there are many possible causes 
          
          for the failure to load the JCC type 2 z/OS DLL, the most common causes that should be reviewed are: 1) Incorrect or missing LIBPATH setting; 2) incorrect or missing STEPLIB; 3) attempting to run in an APF authorized execution environment using an HFS resident JCC type 2 z/OS DLL that does not have the necessary HFS extended attribute setting 
          
          for use in an APF authorized environment. ERRORCODE=-4228, SQLSTATE=
          
          null at com.ibm.db2.jcc.am.gd.a(gd.java:660) at com.ibm.db2.jcc.am.gd.a(gd.java:60) at com.ibm.db2.jcc.am.gd.a(gd.java:103) at com.ibm.db2.jcc.t2zos.cb.a(cb.java:338) at com.ibm.db2.jcc.t2zos.cb.a(cb.java:382) at com.ibm.db2.jcc.t2zos.cb.a(cb.java:450) at com.ibm.db2.jcc.t2zos.cb.a(cb.java:2085) at com.ibm.db2.jcc.t2zos.T2zosConfiguration.e(T2zosConfiguration.java:775) at com.ibm.db2.jcc.t2.T2Configuration.<clinit>(T2Configuration.java:83) at java.lang.J9VMInternals.initializeImpl(Native Method) at java.lang.J9VMInternals.initialize(J9VMInternals.java:228) at com.ibm.db2.jcc.DB2Driver.connect(DB2Driver.java:420) at java.sql.DriverManager.getConnection(DriverManager.java:379) at java.sql.DriverManager.getConnection(DriverManager.java:330) at com.citi.sepg.DataSource.go(DataSource.java:25) at com.citi.sepg.DataSource.main(DataSource.java:13) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37) at java.lang.reflect.Method.invoke(Method.java:611) at org.eclipse.jdt.internal.jarinjarloader.JarRsrcLoader.main(JarRsrcLoader.java:58) com.ibm.db2.jcc.am.SqlException: [jcc][50053][12310][4.8.86] T2zOS exception: [jcc][T2zos]T2zosConfiguration.init: Although there are many possible causes 
          
          for the failure to load the JCC type 2 z/OS DLL, the most common causes that should be reviewed are: 1) Incorrect or missing LIBPATH setting; 2) incorrect or missing STEPLIB; 3) attempting to run in an APF authorized execution environment using an HFS resident JCC type 2 z/OS DLL that does not have the necessary HFS extended attribute setting 
          
          for use in an APF authorized environment. ERRORCODE=-4228, SQLSTATE=
          
          null at com.ibm.db2.jcc.am.gd.a(gd.java:660) at com.ibm.db2.jcc.am.gd.a(gd.java:60) at com.ibm.db2.jcc.am.gd.a(gd.java:103) at com.ibm.db2.jcc.t2zos.cb.a(cb.java:338) at com.ibm.db2.jcc.t2zos.cb.a(cb.java:382) at com.ibm.db2.jcc.t2zos.cb.a(cb.java:450) at com.ibm.db2.jcc.t2zos.cb.a(cb.java:2085) at com.ibm.db2.jcc.t2zos.T2zosConfiguration.e(T2zosConfiguration.java:775) at com.ibm.db2.jcc.t2.T2Configuration.<clinit>(T2Configuration.java:83) at java.lang.J9VMInternals.initializeImpl(Native Method) at java.lang.J9VMInternals.initialize(J9VMInternals.java:228) at com.ibm.db2.jcc.DB2Driver.connect(DB2Driver.java:420) at java.sql.DriverManager.getConnection(DriverManager.java:379) at java.sql.DriverManager.getConnection(DriverManager.java:330) at com.citi.sepg.DataSource.go(DataSource.java:25) at com.citi.sepg.DataSource.main(DataSource.java:13) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37) at java.lang.reflect.Method.invoke(Method.java:611) at org.eclipse.jdt.internal.jarinjarloader.JarRsrcLoader.main(JarRsrcLoader.java:58) com.ibm.db2.jcc.am.SqlException: [jcc][10389][12245][4.8.86] Failure in loading 
          
          native library db2jcct2zos4, java.lang.UnsatisfiedLinkError: db2jcct2zos4 (Not found in java.library.path):  ERRORCODE=-4472, SQLSTATE=
          
          null at com.ibm.db2.jcc.am.gd.a(gd.java:660) at com.ibm.db2.jcc.am.gd.a(gd.java:60) at com.ibm.db2.jcc.am.gd.a(gd.java:94) at com.ibm.db2.jcc.t2.a.a(a.java:37) at com.ibm.db2.jcc.t2zos.T2zosConfiguration.e(T2zosConfiguration.java:772) at com.ibm.db2.jcc.t2.T2Configuration.<clinit>(T2Configuration.java:83) at java.lang.J9VMInternals.initializeImpl(Native Method) at java.lang.J9VMInternals.initialize(J9VMInternals.java:228) at com.ibm.db2.jcc.DB2Driver.connect(DB2Driver.java:420) at java.sql.DriverManager.getConnection(DriverManager.java:379) at java.sql.DriverManager.getConnection(DriverManager.java:330) at com.citi.sepg.DataSource.go(DataSource.java:25) at com.citi.sepg.DataSource.main(DataSource.java:13) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37) at java.lang.reflect.Method.invoke(Method.java:611) at org.eclipse.jdt.internal.jarinjarloader.JarRsrcLoader.main(JarRsrcLoader.java:58) Exception in thread 
          "main" java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37) at java.lang.reflect.Method.invoke(Method.java:611) at org.eclipse.jdt.internal.jarinjarloader.JarRsrcLoader.main(JarRsrcLoader.java:58) Caused by: java.lang.NullPointerException at com.citi.sepg.DataSource.go(DataSource.java:32) at com.citi.sepg.DataSource.main(DataSource.java:13) ... 5 more
          


          Scott
  • SystemAdmin
    SystemAdmin
    3105 Posts
    ACCEPTED ANSWER

    Re: Connect to DB2 via TSO Functional ID (no password)

    ‏2012-09-12T14:16:35Z  in response to scottpecnik
    Hi Scott,

    The following settings in my .profile allow DB2 clp, jdbc type 2 & jdbc type 4. (I create an extra directory under $JDBCHOME for each subsystem containing subsystem specific properties files, etc., other than that, all standard naming conventions are used.)

    Peter

    export CLPHOME=/usr/lpp/db2a10/base
    export JDBCHOME=/usr/lpp/db2a10/jdbc
    export JAVA_HOME=/usr/lpp/java/J7.0
    export STEPLIB="DSNA10.DBAA.SDSNEXIT":\
    "DSNA10.SDSNLOAD":\
    "DSNA10.SDSNLOD2":\
    $STEPLIB;
    alias db2="java com.ibm.db2.clp.db2"
    export CLPPROPERTIESFILE=$CLPHOME/samples/clp.properties
    export PATH=/bin:\
    $JAVA_HOME/bin:\
    $CLPHOME/bin:\
    $JDBCHOME/bin:\
    $HOME:\
    .;
    export LIBPATH=/usr/lib:\
    $JAVA_HOME/bin:\
    $JAVA_HOME/bin/j9vm:\
    $CLPHOME/lib:\
    $JDBCHOME/lib;
    export CLASSPATH=\
    $CLPHOME/lib/clp.jar:\
    $JDBCHOME/classes/db2jcc4.jar:\
    $JDBCHOME/classes/db2jcc_license_cisuz.jar:\
    $JDBCHOME/classes/db2jcc_javax.jar:\
    $JDBCHOME/classes/sqlj.zip:\
    $JDBCHOME/DBAA:\
    $JAVA_HOME/lib/rt.jar:\
    .;
    export JAVA_PROPAGATE=YES
    • scottpecnik
      scottpecnik
      7 Posts
      ACCEPTED ANSWER

      Re: Connect to DB2 via TSO Functional ID (no password)

      ‏2012-09-12T20:02:35Z  in response to SystemAdmin
      Peter,

      Thanks for the dump of your .profile. I was able to find db2jcct2zos4 and add it to my path. That issue seems to be resolved, but now I have another (stacktrace below). The confusing thing is that libHIKM.so is in the lib/s390 directory of our JVM. It should be picked up automatically, but for some reason it isn't. I've tried explicitly pointing to it in every way imaginable. I'm working on the issue with our MVS team, but if anyone has seen this before it'd be a great help.

      Thanks,
      Scott

      
      Caused by: java.security.ProviderException: Unable to load libHIKM.so library at com.ibm.crypto.hdwrCCA.provider.HIKM.<clinit>(HIKM.java:14) at java.lang.J9VMInternals.initializeImpl(Native Method) at java.lang.J9VMInternals.initialize(J9VMInternals.java:228) ... 51 more Caused by: java.lang.UnsatisfiedLinkError: HIKM (Not found in java.library.path) at java.lang.ClassLoader.loadLibraryWithPath(ClassLoader.java:1053) at java.lang.ClassLoader.loadLibraryWithClassLoader(ClassLoader.java:1017) at java.lang.System.loadLibrary(System.java:474) at com.ibm.crypto.hdwrCCA.provider.HIKM.<clinit>(HIKM.java:3) ... 53 more
      


      Scott
  • SystemAdmin
    SystemAdmin
    3105 Posts
    ACCEPTED ANSWER

    Re: Connect to DB2 via TSO Functional ID (no password)

    ‏2012-09-13T13:13:19Z  in response to scottpecnik
    Scott,

    I don't know if this might be the attributes of the module. Ours are listed below:

    1. ls -El /usr/lpp/java/J7.0/lib/s390/libHIKM.so
    -rwxr-xr-x aps- 1 FTPD SYS1 212992 Aug 27 2011 /usr/lpp/java/J7.0/lib/s390/libHIKM.so

    We don't have the crypto processor installed, so I really can't offer much help.

    Also, this module appears to be deprecated, see:

    http://www-03.ibm.com/security/cryptocards/pciecc/pdf/sp425.pdf

    Peter
    • scottpecnik
      scottpecnik
      7 Posts
      ACCEPTED ANSWER

      Re: Connect to DB2 via TSO Functional ID (no password)

      ‏2012-09-14T22:45:15Z  in response to SystemAdmin
      Peter,

      Thanks again for your kind guidance. I've worked with our internal mainframe support team for hours with still no luck. We've decided to open a PMR. I wil update this thread upon resolution.

      Scott
    • scottpecnik
      scottpecnik
      7 Posts
      ACCEPTED ANSWER

      Re: Connect to DB2 via TSO Functional ID (no password)

      ‏2012-09-25T21:15:25Z  in response to SystemAdmin
      I was able to get this resolved with a little help from IBM and our mainframe support team. It turns out the default environment variables were out of whack, in particular the STEPLIB was not pointing to DB v10. My code is started via shell script that is executed from MVS as a started task. I'll be setting the correct environment variables in the shell script to go live with the code. Thanks for the help on this!

      Scott
  • NenadV
    NenadV
    1 Post
    ACCEPTED ANSWER

    Re: Connect to DB2 via TSO Functional ID (no password)

    ‏2012-11-27T15:24:17Z  in response to scottpecnik
    Hello,

    I have the same issue with db2jcct2zos4 :

    com.ibm.db2.jcc.a.SqlException: Ýjcc¨Ý10389¨Ý12245¨Ý4.3.111¨ Failure in loading native library db2jcct2zos4, java.lang.UnsatisfiedLi
    nkError: db2jcct2zos4 (Not found in java.library.path): ERRORCODE=-4472, SQLSTATE=null
    at com.ibm.db2.jcc.a.dd.a(dd.java:660)
    at com.ibm.db2.jcc.a.dd.a(dd.java:60)
    at com.ibm.db2.jcc.a.dd.a(dd.java:94)
    at com.ibm.db2.jcc.t2.a.a(a.java:37)
    at com.ibm.db2.jcc.t2zos.T2zosConfiguration.e(T2zosConfiguration.java:711)
    at com.ibm.db2.jcc.t2.T2Configuration.<clinit>(T2Configuration.java:83)
    at java.lang.J9VMInternals.initializeImpl(Native Method)
    at java.lang.J9VMInternals.initialize(J9VMInternals.java:200)
    at com.ibm.db2.jcc.DB2Driver.connect(DB2Driver.java:188)
    Any help will be appreciated.

    Regards,
    Nenad
    • scottpecnik
      scottpecnik
      7 Posts
      ACCEPTED ANSWER

      Re: Connect to DB2 via TSO Functional ID (no password)

      ‏2012-11-27T20:15:28Z  in response to NenadV
      Hi Nenad,

      The solution for me was to ensure that the classpath and STEPLIB env variables were pointing to the correct place. In particular, make sure they are both pointing to the same instance of DB2.

      Scott