Issues with connecting to ibm mq 7.5 using java

2
votes

I'm very new to ibm mq, I find out the documents or books related to mb are so few, the only one I found is 'WebSphere MQ Using Java' written in 2004. But the real world has changed a lot. I installed and verified mq server 7.5 on redhat linux 64 bit successfully according to this

I also created queue manager myqm1, queue LQ.TEST, channel JAVA.CHANNEL and did some test through command lines on server to ensure they work well. However when I installed a mq client on windows xp and wrote below java code, it always throw a exception:com.ibm.mq.MQException: MQJE001: Completion Code '2', Reason '2035'

my code:

import com.ibm.mq.*; import com.ibm.mq.constants.MQConstants;

/** * Simple example program */ public class MQSample {

// code identifier
static final String sccsid = "@(#) MQMBID sn=p000-L120604 su=_H-IvIK4nEeGko6IWl3MDhA pn=MQJavaSamples/wmqjava/MQSample.java";

// define the name of the QueueManager
private static final String qManager = "myqm1";
// and define the name of the Queue
private static final String qName = "LQ.TEST";

/**
 * Main entry point
 *
 * @param args - command line arguments (ignored)
 */
public static void main(String args[]) {
    try {
        MQEnvironment.hostname = "58.2.221.196"; 
        MQEnvironment.channel = "JAVA.CHANNEL"; 
        MQEnvironment.port = 1414;
        MQEnvironment.properties.put(MQC.TRANSPORT_PROPERTY, MQC.TRANSPORT_MQSERIES);
        MQEnvironment.userID = "mqm"; 
        MQEnvironment.password = "mqm";
        MQEnvironment.CCSID = 1208;

        // Create a connection to the QueueManager
        System.out.println("Connecting to queue manager: " + qManager);
        MQQueueManager qMgr = new MQQueueManager(qManager);

        // Set up the options on the queue we wish to open
        int openOptions = MQConstants.MQOO_INPUT_AS_Q_DEF | MQConstants.MQOO_OUTPUT;

        // Now specify the queue that we wish to open and the open options
        System.out.println("Accessing queue: " + qName);
        MQQueue queue = qMgr.accessQueue(qName, openOptions);

        // Define a simple WebSphere MQ Message ...
        MQMessage msg = new MQMessage();
        // ... and write some text in UTF8 format
        msg.writeUTF("Hello, World!");

        // Specify the default put message options
        MQPutMessageOptions pmo = new MQPutMessageOptions();

        // Put the message to the queue
        System.out.println("Sending a message...");
        queue.put(msg, pmo);

        // Now get the message back again. First define a WebSphere MQ
        // message
        // to receive the data
        MQMessage rcvMessage = new MQMessage();

        // Specify default get message options
        MQGetMessageOptions gmo = new MQGetMessageOptions();

        // Get the message off the queue.
        System.out.println("...and getting the message back again");
        queue.get(rcvMessage, gmo);

        // And display the message text...
        String msgText = rcvMessage.readUTF();
        System.out.println("The message is: " + msgText);

        // Close the queue
        System.out.println("Closing the queue");
        queue.close();

        // Disconnect from the QueueManager
        System.out.println("Disconnecting from the Queue Manager");
        qMgr.disconnect();
        System.out.println("Done!");
    } catch (MQException ex) {
        ex.printStackTrace();
        System.out.println("A WebSphere MQ Error occured : Completion Code " + ex.completionCode
                + " Reason Code " + ex.reasonCode);


    } catch (java.io.IOException ex) {
        System.out.println("An IOException occured whilst writing to the message buffer: " + ex);
    }
    return;
} }

Can anybody throw a light to me on that? I'm totally down.

2
javaibm-mq
Possibly related: stackoverflow.com/questions/5101840/…beny23
Looks like your username and password may be wrong as 2035 is NOT AUTHORIZEDbeny23
Did you even ask google for com.ibm.mq.MQException: MQJE001: Completion Code '2', Reason '2035'?home
@beny23 FYI...WMQ does not validate the password unless a channel security exit is present.T.Rob
@user1458290 The downloads for WMQ server and client contain documentation that you can install locally. You can also access the most current Infocenter on the web here. If you need access to manuals for other versions of WMQ client or server you can also go to this page which links to docs for all versions going back to V5.0 or thereabouts.T.Rob

2 Answers

5
votes

To expand on Shashi's answer, since WMQ V7.1 the default CHLAUTH rules block all access on all SVRCONN channels and they block administrative access on all SVRCONN channels. If you really want to connect to JAVA.CHANNEL as mqm then you will need to override both of these behaviors.

If you are actually willing to allow remote, unauthenticated connections to the QMgr with an administrative user ID, then you have the option of disabling CHLAUTH rules altogether. You can do this by issuing the ALTER QMGR CHLAUTH(DISABLED) command in runmqsc however this is HIGHLY discouraged because it leaves the QMgr open to anonymous remote code execution using the WMQ administrative user ID. This is, however, what you appear to be trying to do.

The recommended approach would be to use an ID that is not administrative. For example, if you made an ID called mquser with a private group also called mquser then you could grant it rights to connect and inquire on the QMgr and to open the designated queue for put, get, browse and inquire. Since the ID is not administrative, it would be relatively safe to use on unauthenticated channels. You could change your code to specify the ID as mquser instead of mqm and then use a CHLAUTH rule to allow the connection. For example:

SET CHLAUTH('JAVA.CHANNEL') TYPE(USERMAP) +
    CLNTUSER('mquser') USERSRC(MAP) +
    MCAUSER('mquser') ACTION(ADD)

The above rule tells the QMgr "when you see a connection from the mquser ID on JAVA.CHANNEL, then set MCAUSER to mquser and allow the connection."

When you grant permissions, remember to grant them on the group and not the user. For example, if using setmqaut use the -g option and not the -p option. If there are any issues with authorization errors, you can sort these out easily using event messages. First, enable events using the ALTER QMGR AUTHOREV(ENABLED). This will cause the QMgr to emit an event message into the SYSTEM.ADMIN.QMGR.EVENT queue. You can use SupportPac MH05 or SupportPac MS0P to parse the event messages. For any given authorization event the message tells you the ID that requested access, the API call (connect, open, close etc.), the object the call was made against and the exact options that were used.

Prior to WMQ V7.1, WebSphere MQ allowed all remote connections, even anonymous, administrative ones. Although this allowed you to connect easily, in today's more hostile network environment the ability to remotely and anonymously execute code on the QMgr's host server is seen as an unacceptable security risk. So now a new QMgr is set to not allow any remote administrative access by default. As the administrator this requires you to explicitly disable security to get the old behavior or to explicitly provision secure access.

3
votes

In MQ v7.5, by default access to queue manager is blocked. You need to create channel authentication records for the channel you created, JAVA.CHANNEL to allow user to access queue manager. Please follow this link for more details on Channel Authentication Records