Closed as program error.
When using the IBM MQ JCA Resource Adapter for outbound messaging within a WebSphere Liberty application server environment, the following exception is thrown when an application creates a JMS Connection and an attempt is made to reuse one from the application server's connection pool: J2CA0021E: An exception occurred while trying to get a Connection from the Managed Connection resource jms/myCF : com.ibm.mq.connector.DetailedSecurityException: MQJCA1028: Re-authentication is not supported., error code: MQJCA1028 The application server attempted to re-authenticate a JMS connection, but the IBM MQ resource adapter does not support re-authentication. In the supplied ra.xml file, the property called reauthentication-support has the value false. Make sure that you have not changed the value of this property. If the property still has the value false, then this error is an application server error. at com.ibm.mq.connector.services.JCAExceptionBuilder.buildException (JCAExceptionBuilder.java:194) at com.ibm.mq.connector.services.JCAExceptionBuilder.buildException (JCAExceptionBuilder.java:111) at com.ibm.mq.connector.outbound.ManagedQueueConnectionImpl.getConn ection(ManagedQueueConnectionImpl.java:140) at com.ibm.ejs.j2c.MCWrapper.getConnection(MCWrapper.java:2148) at com.ibm.ejs.j2c.ConnectionManager.allocateConnection(ConnectionM anager.java:361) at com.ibm.mq.connector.outbound.ConnectionFactoryImpl.createManage dJMSConnection(ConnectionFactoryImpl.java:307) at com.ibm.mq.connector.outbound.ConnectionFactoryImpl.createConnec tionInternal(ConnectionFactoryImpl.java:250) at com.ibm.mq.connector.outbound.QueueConnectionFactoryImpl.createQ ueueConnection(QueueConnectionFactoryImpl.java:187) at com.ibm.mq.connector.outbound.QueueConnectionFactoryImpl.createC onnection(QueueConnectionFactoryImpl.java:150) at com.ibm.mq.connector.outbound.QueueConnectionFactoryImpl.createC onnection(QueueConnectionFactoryImpl.java:122) ... This error is written to the WebSphere Liberty messages.log file.
Configure the application deployed to the application server to use application-managed authentication instead of container-managed authentication. Alternatively, use container-managed authentication but pass null for the username and password parameters when creating a JMS Connection or Context object from a JMS Connection Factory.
**************************************************************** USERS AFFECTED: This issue affects users of the IBM MQ V9 JCA Resource Adapter who have JMS applications that perform outbound messaging in non-WebSphere Application Server JEE application server environments. Platforms affected: MultiPlatform **************************************************************** PROBLEM DESCRIPTION: When using the IBM MQ JCA Resource Adapter (MQ-RA) for outbound messaging, a JEE application server will invoke the method: matchManagedConnections(java.util.Set, javax.security.auth.Subject, javax.resource.spi.ConnectionRequestInfo) on the javax.resource.spi.ManagedConnectionFactory (provided by the MQ-RA) for the MQ-RA to attempt to match a ManagedConnection instance from the Set, in order to service a connection request from an application, such as Servlet. The MQ-RA iterated over the ManagedConnection objects in the Set and compared the ConnectionRequestInfo object passed into the matchManagedConnections method with the one cached on the ManagedConnection when it was created. If the two were equal, then the ManagedConnection object would be returned. The Subject (security context) would not be compared in this case. The JEE application server would then call the method: getConnection(javax.security.auth.Subject, javax.resource.spi.ConnectionRequestInfo) on the chosen ManagedConnection object in order to establish an application-level connection handle. The MQ-RA does not support re-authentication (as outlined in Section 9.1.9 of the JavaEE Connector Architecture Specification). As such, the getConnection method on the ManagedConnection throws a javax.resource.spi.SecurityException in the case where the Subject passed into the getConnection method call was not equal to the one associated with the ManagedConnection instance when it was created. Because the matchManagedConnections method in the ManagedConnection class did not consider the Subject in its matching algorithm if a suitably matching ConnectionRequestInfo was found, then this method could have returned a ManagedConnection object with a different Subject compared to the one passed in on the matchManagedConnections and subsequent getConnection method calls. When this occurred, the exception: com.ibm.mq.connector.DetailedSecurityException: MQJCA1028: Re-authentication is not supported. was thrown by the MQ-RA to the application server.
The method: matchManagedConnections(java.util.Set, javax.security.auth.Subject, javax.resource.spi.ConnectionRequestInfo) within the ManagedConnection object, provided by the IBM MQ JCA Resource Adapter (MQ-RA), has been updated such that both the Subject and the ConnectionRequestInfo objects passed into the method call must be equal to those associated with a ManagedConnection from the Set in order for that for that ManagedConnection to be returned. Re-authentication remains unsupported in the MQ-RA. --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: Version Maintenance Level v9.0 CD 9.0.4 v9.0 LTS 22.214.171.124 The latest available maintenance can be obtained from 'WebSphere MQ Recommended Fixes' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037 If the maintenance level is not yet available information on its planned availability can be found in 'WebSphere MQ Planned Maintenance Release Dates' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309 ---------------------------------------------------------------
Reported component name
IBM MQ BASE M/P
Reported component ID
NoSpecatt / Xsystem
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
IBM MQ BASE M/P
Fixed component ID
Applicable component levels
19 September 2017