Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

JMSWMQ2013: The security authentication was not valid error since icr.io/ibm-messaging/mq:9.3.4.1-r1 #559

Open
theangrydev opened this issue Apr 17, 2024 · 2 comments

Comments

@theangrydev
Copy link

theangrydev commented Apr 17, 2024

I used to be able to start the container like:

docker run \
--env LICENSE=accept \
--env MQ_QMGR_NAME= QM1 \
--publish 1414:1414 \
--detach icr.io/ibm-messaging/mq:9.3.3.3-r2

And connect successfully using:

JmsConnectionFactory factory = JmsFactoryFactory
    .getInstance("com.ibm.msg.client.wmq")
    .createConnectionFactory();
factory.setIntProperty("XMSC_WMQ_CONNECTION_MODE", 1);
factory.setStringProperty("XMSC_WMQ_HOST_NAME", "localhost");
factory.setIntProperty("XMSC_WMQ_PORT", 1414);
factory.setStringProperty("XMSC_WMQ_QUEUE_MANAGER", "QM1");
factory.setStringProperty("XMSC_WMQ_CHANNEL", "DEV.APP.SVRCONN");
factory.setBooleanProperty("XMSC_USER_AUTHENTICATION_MQCSP", false);
return factory.createConnection("app", "");

With either empty string or null for the password.

But since icr.io/ibm-messaging/mq:9.3.4.1-r1 (or 9.3.4.0-r1) I get this error on Linux:

Caused by: com.ibm.msg.client.jms.DetailedJMSSecurityException: JMSWMQ2013: The security authentication was not valid that was supplied for queue manager 'QM1' with connection mode 'Client' and host name 'localhost(1414)'.
Please check if the supplied username and password are correct on the queue manager to which you are connecting.  For further information, review the queue manager error logs and the Securing IBM MQ topic within IBM Documentation.
  at com.ibm.msg.client.wmq.common.internal.Reason.reasonToException(Reason.java:531)
  at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:215)
  at com.ibm.msg.client.wmq.internal.WMQConnection.<init>(WMQConnection.java:482)
  at com.ibm.msg.client.wmq.factories.WMQConnectionFactory.createV7ProviderConnection(WMQConnectionFactory.java:9009)
  at com.ibm.msg.client.wmq.factories.WMQConnectionFactory.createProviderConnection(WMQConnectionFactory.java:8349)
  at com.ibm.msg.client.jms.admin.JmsConnectionFactoryImpl._createConnection(JmsConnectionFactoryImpl.java:322)
  at com.ibm.msg.client.jms.admin.JmsConnectionFactoryImpl.createConnection(JmsConnectionFactoryImpl.java:242)
  at com.ibm.mq.jms.MQConnectionFactory.createCommonConnection(MQConnectionFactory.java:6193)
  at com.ibm.mq.jms.MQConnectionFactory.createConnection(MQConnectionFactory.java:6256)
  ...<snip>...
Caused by: com.ibm.mq.MQException: JMSCMQ0001: IBM MQ call failed with compcode '2' ('MQCC_FAILED') reason '2035' ('MQRC_NOT_AUTHORIZED').
  at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:203)
  ... 13 more
@arthurbarr
Copy link
Member

The MQ Advanced for Developers offers additional developer configuration to help you get started, which includes the "app" and "admin" users. Previously, the admin user had a default password ("passw0rd"), and the app user could connect with no password. Both of these were identified as potential security issues, and that they shouldn't apply by default. So now the user won't be available unless you explicitly set the password by using an environment variable: MQ_APP_PASSWORD for the app user; MQ_ADMIN_PASSWORD for the admin user.

@theangrydev
Copy link
Author

Makes sense, is this in the release notes somewhere I must have missed it?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants