axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark Badorrek" <mbador...@avoga.com.au>
Subject RE: JMS WebsphereMQ Security
Date Thu, 14 Jun 2007 22:27:01 GMT
OK - after checking with the WebsphereMQ crowd I have this link:
 
http://www.mqseries.net/phpBB2/viewtopic.php?p=123536
 
What this means is that there are legitimate conditions where one has to supply a userID and
password during the call:
 
con = conFactory.createConnection(userID, password);
rather than
con = conFactory.createConnection();
 
As such, I'll raise a JIRA with the proposed changes. i.e. Current functionality is the default,
but with an option to use the new call.
 
Does anyone else here use WebsphereMQ rather than ActiveMQ as their JMS provider? I'm trying
to gauge how much of a problem this is. (It certainly is one for me as a WebsphereMQ user).
 
Mark B
 

________________________________

From: Mark Badorrek [mailto:mbadorrek@avoga.com.au]
Sent: Thu 6/14/2007 3:39 PM
To: axis-dev@ws.apache.org
Subject: JMS WebsphereMQ Security


Environment:
Tomcat 6.0.10
WindowsXP
Websphere MQ6.0 as the JMS provider
 
I've having mixed success using axis2 with Websphere 6 as my JMS transport.
 
My serverXMl contains the following entry:
 
 <Resource
    name="jms/MyQCF"
    auth="Container"
    type="com.ibm.mq.jms.MQQueueConnectionFactory"
    factory="com.ibm.mq.jms.MQQueueConnectionFactoryFactory"
    description="JMS Queue Connection Factory for sending messages"
    HOST="10.20.240.112"
    PORT="1414"
    CHAN="CLIENTS"
    TRAN="1"
    QMGR="GRM"/>

    <Resource
    name="jms/MyQIn"
    auth="Container"
    type="com.ibm.mq.jms.MQQueue"
    factory="com.ibm.mq.jms.MQQueueFactory"
    description="JMS Queue for receiving messages"
    QU="Q.IN"/>  
 
 
I setup the axis2.xml conf file appropriately and *everything works*. Messages in and out.
:-)
 
The problem starts when I try to use a QueueManager on another machine remote from Tomcat.
I get a security error.
 
Now I see in that in the JMSConnectionFactory.java file we have two calls to create a connect
 thus:
 
con = conFactory.createConnection();
 
There is another JMS method of creating a connection (which we don't use - yet):
 
con = conFactory.createConnection(userID, password);
 
For any non-WebsphereMQ people here, there are twoways of connectiing to a Websphere QueueManager
/ QueueConnectionFactory:
1. Server/Bindings - local connection on the same machine, OS credentials are used
2. Client - remote connection to a queuemanager - ****userID and Password must be supplied.****
 
My example above is calling using the 'CLIENT' method. So as I have no-where to supply the
userID and password, my connection attempt fails.
 
So can anyone either:
 
1. Advise how I should be performing userID/password credentials for WebsphereMQ CLIENT connections
using the current structure. (perhaps with java.naming.security.principal / java.naming.security.credentials)
 
or
 
2. Do you think that I should generate a patch to allow use to use either type of connection
method?
con = conFactory.createConnection();
con = conFactory.createConnection(userID, password);
 
(I'm also asking this question in a specialist MQ forum for further insight)
 
Cheers,
 
Mark B
 
 

Mime
View raw message