IBM Support

IT14762: JMS and Java applications require the ability to specify the MQdata directory location.


APAR status

  • Closed as program error.

Error description

  • Upon first use, the Java MQI implementation, which underpins the
    MQ classes for JMS and MQ classes for Java APIs, initialises and
    attempts to locate "mqclient.ini" and "mqs.ini" files.  Once
    located, these configuration files are then parsed to determine
    configuration parameters.
    
    For the "mqclient.ini" file, the locations searched by the Java
    MQI are as follows:
    
        a) The location specified by the environment variable
           "MQCLNTCF" defined on the system
    
        b) The current working directory for the JVM
    
        c) The data directory for IBM MQ, for example:
               "/var/mqm" for UNIX platforms
               "C:\Program Files\IBM\Websphere MQ" for Windows
    
        d) The home directory of the user that started the JVM
    
    
    For the "mqs.ini" configuration file, locations b), c) and d)
    are searched.
    
    
    In the case where:
    
        (1) A classes for JMS or classes for Java application is
            running on a Windows platform
    
    AND
    
        (2) The "mqclient.ini" and/or "mqs.ini" file exists in
            the data directory for IBM MQ
    
    The Java MQI will attempt to query the Windows Registry to
    determine the data directory used by IBM MQ by invoking the
    Windows "reg.exe" application in a separate process.
    
    When the application is running in a Java Runtime that has the
    Java Security Manager enabled, the following permission must be
    set in order for the Windows "reg.exe" application to be invoked
    without an AccessControlException:
    
    permission java.io.FilePermission "<<ALL FILES>>","execute";
    
    
    For example:
    
    grant codeBase "file:MQ_INSTALLATION_PATH/java/lib/com.ibm.mq.allclient.jar" {
      permission java.io.FilePermission "<<ALL FILES>>","execute";
    };
    
    This APAR adds the ability to set either a Java System Property
    or a system environment variable that specifies the location of
    the MQ Data Directory.
    
    As such, the FilePermission shown above ("<<ALL FILES>>" with
    "execute") does not need to be granted to the Java MQI code.
    

Local fix

Problem summary

  • ****************************************************************
    USERS AFFECTED:
    This issue affects users of the
    
      - IBM MQ V8 classes for JMS
      - IBM MQ V8 classes for Java
    
    who are using the Java Security Manager and have specific
    configuration properties within the "mqclient.ini" and/or
    "mqs.ini" files which are located in the MQ data directory.
    
    
    Platforms affected:
    Windows
    
    ****************************************************************
    PROBLEM DESCRIPTION:
    On Windows platforms, the Java MQI attempted to determine the
    IBM MQ data path by issuing a query against the Windows
    Registry.  Once the IBM MQ data path was known, the Java MQI
    attempted to find the "mqclient.ini" and "mqs.ini" configuration
    files it contained to parse.
    
    When running an application within a Java Runtime that enabled
    the Java Security Manager, the following Permission was required
    in order for the Java MQI to invoke the Windows Registry and
    issue the required query:
    
    permission java.io.FilePermission "<<ALL FILES>>","execute";
    
    This permission was required for the "com.ibm.mq.jmqi.jar" file
    or the "com.ibm.mq.allclient.jar" file, depending on which was
    being used by the application, because the Java MQI does not
    provide an absolute path to reg.exe which it attempts to invoke.
    
    Granting this FilePermission may not be desirable within a
    secure environment because a file path consisting of the special
    token "<<ALL FILES>>" matches any file, meaning that malicious
    code running within the JVM would be able to run any executable
    program on the system.
    

Problem conclusion

  • This APAR adds support for the following Java System Property:
    
      com.ibm.mq.cfg.MQ_DATA_PATH
    
    and the system environment variable:
    
      MQ_DATA_PATH
    
    which can be used to specify the location of the IBM MQ Data
    Path.  Examples of how to do this on the Windows platform are as
    follows:
    
    Java System Property:
    
    java -Dcom.ibm.mq.cfg.MQ_DATA_PATH="C:\Program Files\IBM\Websphere MQ" MyClass
    
    To use the system environment variable:
    
    set MQ_DATA_PATH="C:\Program Files\IBM\Websphere MQ"
    java MyClass
    
    
    When either of these variables is used, the value provided is
    used by the Java MQI when it attempts to locate the
    "mqclient.ini" and "mqs.ini" configuration files.  In this case,
    on Windows platforms, the Windows Registry is not queried.
    
    
    The required Java Security Manager Permission to read the
    "com.ibm.mq.cfg.MQ_DATA_PATH" Java System Property is:
    
    permission java.util.PropertyPermission "com.ibm.mq.cfg.*","read";
    
    
    The required Java Security Manager Permission to read the
    "MQ_DATA_PATH" system environment variable is:
    
    permission java.lang.RuntimePermission "getenv.MQ_DATA_PATH";
    
    
    Note that while this APAR is specifically concerned with the
    Java Security Manager permissions needed to run the "reg.exe"
    program on Windows, the above environment variable and JVM
    property are available for use on all platforms.
    
    ---------------------------------------------------------------
    The fix is targeted for delivery in the following PTFs:
    
    Version    Maintenance Level
    v8.0       8.0.0.6
    
    The latest available maintenance can be obtained from
    'WebSphere MQ Recommended Fixes'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037
    
    If the maintenance level is not yet available, information on
    its planned availability can be found in 'WebSphere MQ
    Planned Maintenance Release Dates'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309
    ---------------------------------------------------------------
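
The policy change described above, as an added audit script (not IBM code and not part of the original APAR text): it parses a Java policy file and reports, per codeBase, whether a grant still allows executing any program and whether the code may already read either MQ_DATA_PATH setting. The sample policy is constructed from the grants quoted on this page; treating java.security.AllPermission as implying both is the script's own rule.

```python
import re

# Constructed sample: the first grant is the workaround quoted on this page,
# the second is the narrower form the APAR makes possible.
SAMPLE_POLICY = '''
grant codeBase "file:MQ_INSTALLATION_PATH/java/lib/com.ibm.mq.allclient.jar" {
  permission java.io.FilePermission "<<ALL FILES>>","execute";
};
grant codeBase "file:MQ_INSTALLATION_PATH/java/lib/com.ibm.mq.jmqi.jar" {
  permission java.util.PropertyPermission "com.ibm.mq.cfg.*","read";
  permission java.lang.RuntimePermission "getenv.MQ_DATA_PATH";
};
'''
PROP, ENV = 'com.ibm.mq.cfg.MQ_DATA_PATH', 'getenv.MQ_DATA_PATH'

# Quoted strings are matched as units so braces or "/*" inside them
# (for example "file:${java.home}/lib/*") are not read as syntax.
COMMENT_RE = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*', re.S)
GRANT_RE = re.compile(r'grant\b((?:"[^"]*"|[^{"])*)\{((?:"[^"]*"|[^}"])*)\}\s*;')
CODEBASE_RE = re.compile(r'codeBase\s+"([^"]*)"', re.I)
PERM_RE = re.compile(r'permission\s+([\w.$]+)\s*(?:"([^"]*)")?\s*(?:,\s*"([^"]*)")?')

def implies(pattern, name):
    """BasicPermission-style match: exact name, "*", or a trailing ".*" prefix."""
    return pattern in ('*', name) or (pattern.endswith('.*') and name.startswith(pattern[:-1]))

def parse_grants(policy_text):
    """Yield (codeBase, [(type, target, actions), ...]) for every grant block."""
    text = COMMENT_RE.sub(lambda m: m[0] if m[0].startswith('"') else '', policy_text)
    for header, body in GRANT_RE.findall(text):
        m = CODEBASE_RE.search(header)
        yield (m.group(1) if m else '<all code>'), PERM_RE.findall(body)

def audit(policy_text):
    """Per codeBase: may it execute any program, may it read MQ_DATA_PATH?"""
    report = {}
    for codebase, perms in parse_grants(policy_text):
        row = report.setdefault(codebase, {'broad_execute': False, 'data_path': False})
        for ptype, target, actions in perms:
            acts = {a.strip().lower() for a in actions.split(',')}
            if ptype == 'java.security.AllPermission':
                row['broad_execute'] = row['data_path'] = True
            elif ptype == 'java.io.FilePermission':
                row['broad_execute'] |= target == '<<ALL FILES>>' and 'execute' in acts
            elif ptype == 'java.util.PropertyPermission':
                row['data_path'] |= 'read' in acts and implies(target, PROP)
            elif ptype == 'java.lang.RuntimePermission':
                row['data_path'] |= implies(target, ENV)
    return report
```

A codeBase reported with broad_execute set is a candidate for moving to the MQ_DATA_PATH property or environment variable and dropping the "<<ALL FILES>>" grant.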
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT14762

  • Reported component name

    WMQ BASE MULTIP

  • Reported component ID

    5724H7251

  • Reported release

    800

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2016-04-12

  • Closed date

    2016-06-27

  • Last modified date

    2017-06-01

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WMQ BASE MULTIP

  • Fixed component ID

    5724H7251

Applicable component levels

  • R800 PSY

       UP


Document Information

Modified date:
01 June 2017